Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.

CNCF introduces a Kubernetes bug bounty program

The Cloud Native Computing Platform is funding a new Kubernetes bug bounty program to reward the researchers who find security vulnerabilities in Kubernetes’ codebase as well as build and release processes.  The program was launched by the Kubernetes Product Security Committee together with bug bounty program vendor HackerOne.  “As a CNCF graduated project, it is … continue reading

DeepCode reveals the top security issues plaguing software developers

DeepCode has revealed the most important bugs as well as the top security vulnerabilities. The analysis comes from the company’s AI-powered code review tool, which analyzed hundreds of thousands of open-source projects to narrow down the vulnerabilities that happen with the most frequency.  According to the analysis, file I/O corruptions are the biggest general issue … continue reading

SD Times news digest: Synopsys acquires Tinfoil Security, Sisense announces $100 million funding round, and Postman updates its plans

Synopsys announced that it acquired Tinfoil Security, an innovative provider of dynamic application security testing (DAST) and API security testing solutions.  “Tinfoil Security provides Synopsys with proven DAST technology that can be seamlessly integrated into development and DevOps workflows. Furthermore, Tinfoil Security’s innovative API scanning technology addresses an emerging demand in the market and will … continue reading

SD Times news digest: Facebook fined again for Cambridge Analytica scandal, Google’s privacy commitment and Visual Studio 2019 for Mac version 8.4 preview 4

Brazil fined Facebook $1.6 million for their role in the Cambridge Analytica scandal. The country’s justice ministry said that the fines are tied to unlawful sharing of data from its users in Brazil. “It’s evident that the data of about 443,000 users of the platform were made available by the developers of the app ‘thisisyourdigitallife’ … continue reading

SD Times news digest: VMware’s acquisition of Pivotal, GitHub Enterprise on AWS Marketplace, and security patches for Git vulnerabilities

VMware announced that it completed the acquisition of Pivotal Software, a cloud-native platform provider. “We believe that modern application development solutions and practices need to be easily accessible to everyday enterprises across the globe. With Pivotal’s developer capabilities as the foundation, we’ll focus on delivering consumable, enterprise-ready cloud native offerings to customers to help them … continue reading

SD Times news digest: Mastercard acquires cybersecurity company, XR Association updates developers guide, and Nim’s gc:arc feature

Mastercard announced an agreement to acquire RiskRecon to help financial institutions, merchants and governments secure their digital assets. RiskRecon’s AI and data-driven technology is designed to help organizations proactively manage cyber risks and better safeguard intellectual property and consumer and payment data. “By becoming part of their team, we have an opportunity to … continue reading

Business logic flaws: How to address them during application design

Software applications have become significantly more complex over the past decade. This bodes well for the creation of new application-based business opportunities and additional customer touchpoints; however, increased software complexity also opens the door for more malicious attacks and high-impact data leaks. Ever-nimble and determined threat actors are reinventing their approaches to align with current … continue reading

Facebook’s tumultuous times: new OS in the works amid another breach

In a year where data breaches at Facebook have seen no signs of slowing down, another blow has been dealt.  A reported 267 million Facebook user IDs and phone numbers were exposed online for anyone to access without a password or any authentication. Most of the records affected users from the United States.  The UK … continue reading

SD Times news digest: Apple expands its bug bounty program, Rust 1.40.0, and F5 to acquire Shape Security

Apple announced a bug bounty program that rewards up to $1,500,000 on finding issues that occur on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration. In addition, Apple said it offers public recognition for those who submit valid reports and will match donations of the bounty payment … continue reading

XebiaLabs DevOps Platform 9.5 Offers Enterprises Unparalleled Visibility into Software Delivery Processes

SD Times news digest: XebiaLabs DevOps platform 9.5, Apache Kafka 2.4, and ShiftLeft’s inspect static application security testing tool

XebiaLabs announced the release of its DevOps Platform version 9.5. This release is designed to provide business-level insight into complete software releases. The new release includes a Delivery Patterns feature, which synchronizes the delivery of business applications across technical release pipelines, according to the company. With Delivery Patterns, users can track business applications, synchronize component … continue reading

Npm finds binary planting bug and urges users to update

The JavaScript package manager provider npm has found a security vulnerability that can open access to arbitrary files on a user’s system. According to the company, npm versions prior to 6.13.4 made it possible for a globally-installed package to overwrite an existing binary in the target location. Npm is recommending an update to npm … continue reading

2019: Lack of cybersecurity skills and best practices strain security

Security has hit a low point this year, as 2019 saw the 2nd, 3rd and 7th biggest breaches of all time measured by the number of people that were affected.  The largest breach of the year occurred in May when First American Financial Corporation leaked 885 million records of documents related to mortgage deals going … continue reading
