Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.

 

Microsoft consumers can now completely remove passwords from their accounts

Microsoft today announced that users of Outlook, OneDrive, Family Safety, and more can now opt out of using passwords and choose alternative authentication methods, predicting that “the future is passwordless.” This comes after the company announced that ​​passwordless sign-in was generally available for commercial users, bringing the feature to enterprise organizations around the world.    Some of the … continue reading

SD Times news digest: Snyk Series F, Visual Studio extensibility updates, and Rust 1.55

Snyk announced that it closed a $530 million Series F investment, which now totals the company’s funding to-date to $8.5 billion.  “This new investment, together with the rapid adoption of our platform and growing customer base, validates our developer security vision,” said Peter McKay, CEO of Snyk. “When security starts with the world’s expanding pool … continue reading

Broken Access Control is now the highest vulnerability in OWASP Top 10 2021

The latest edition of the OWASP Top 10 showed that all of the highest-priority vulnerabilities since 2017 have shifted and new ones have been introduced.  Broken Access Control has dethroned Injection as the top vulnerability, whereas it previously held fifth place. The 34 Common Weakness Enumerations (CWEs) mapped to Broken Access Control had more occurrences … continue reading

SD Times news digest: Micro Focus releases UFT Mobile 2021, Liquidware updates its FlexApp solution, Google Workspace hybrid work updates

Micro Focus announced the release of UFT Mobile 2021 which visually enhances the mobile testing experience, optimizes utilization of devices, simplifies administration capabilities, and supports additional technologies.  The dashboard can also assist with decision making. For example, device information is useful when deciding if additional devices of a certain OS version are required in general … continue reading

Reducing friction between dev and app sec teams is key

As developers begin to be responsible for more and more elements beyond just coding, having tools take some of the burden off them will become important. Developers are now expected to become security experts, and while it’s important to know the basics such as how to write secure code, there also becomes a dependence on … continue reading

Why did it take the Colonial Pipeline hack to focus on security?

We’ve had Solar Winds. Kaseya. Microsoft Exchange. We’ve heard of millions upon millions of personal data files being hacked and exploited. So, why was it that the Colonial Pipeline ransomware attack was the one to get people focused on software and infrastructure security? The easy answer is because it hit consumers at the gas pump, … continue reading

SD Times news digest: Grafana raises $220 million in funding, Kotlin 1.5.30 released, FusionAuth announces advanced threat detection

Grafana Labs announced $220 million in Series C that it said it will use to focus on accelerating the development of its open-source observability platform.  The company also recently added k6, the company behind the open-source load-testing tool, and Pace.dev, a team known for creating tools with great developer experience, to the Grafana Labs family.  … continue reading

Placing security in the hands of developers

Developers today are faced with an ever-changing landscape. Their responsibilities continue to expand into areas like software QA, security, and governance. In an SD Times Live! webinar, Brian Fox, CTO of Sonatype and Steve Poole, developer advocate at Sonatype, discuss the ways in which security has become an essential part of a developers job. According … continue reading

SD Times news digest: VCs pouring money into blockchain companies, Checkmarx acquires Dustico, ONUG names two new members to its board

Blockchain companies have raised $30.4 billion in total funding, marking an increase of 44% within a year, according to Block Arabia, a news media site in the field of financial markets. Crunchbase data showed that 2018 was a record year for blockchain investment, but the next two years saw a significant slump. This year, investors … continue reading

SD Times news digest: MobileTogether 7.3, Sila announces $13 million Series A round, and Cloudflare launches Project Pangea

Altova announced the release of MobileTogether 7.3, a rapid app development platform for building enterprise solutions.  The latest release introduces options to enable in-app purchases in the native iOS, Android, and Windows apps they create using MobileTogether and the ability to embed the MobileTogether Windows client in one’s own UWP.  It also adds support for … continue reading

SD Times news digest: Android giving extension to comply with new Play Payments Policy, Sentry performance monitoring for iOS and Release Health for Python, Sysdig to acquire Apolicy

Android stated that it would extend the September 30th deadline for adhering to the Google Play Payments policy to March 31st, 2022.  Starting on July 22nd, developers can appeal for an extension through the Help Center. Android said it will review each request and get back to requests as soon as possible. Additional details are … continue reading

SD Times news digest: Android ML inference stack, IBM to acquire BoxBoat Technologies, Aqua Security acquires tfsec

Android announced its updateable, fully-integrated ML inference stack for developers to get built-in on-device inference essentials, optimal performance on all devices and a consistent API that spans Android versions.  TensorFlow Lite will be available on all devices with Google Play Services and will no longer require developers to include the runtime in their apps.  Also, … continue reading

1 2 3 58
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!