Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.

 

SD Times news digest: White House Open Source Security Summit; Jetpack Window Manager release candidate; Google’s solution challenge 2022

Organizations such as the Linux Foundation, OpenSSF, Google, Akamai, and Red Hat attended a White House Summit meant to address supply chain security challenges following the recent log4j crisis.  “The open-source ecosystem will need to work together to further cybersecurity research, training, analysis, and remediation of defects found in critical open-source software projects. These plans … continue reading

SD Times news digest: DevOps Institute announces event lineup for 2022 and new certifications; GitLab security releases; Analytics for in-app events

The DevOps Institute announced its lineup for 2022 events and webinars and plans for two new DevOps certifications.  The new certifications include DevOps Practitioner and DevOps Engineering Foundation. Also, SKILup Days, SKILup Hours, and SKILup Festival 2022: A Live DevOps Educational Experience will provide insights and education needed by DevOps professionals in a wide variety … continue reading

2021 Year in Review: Microsoft

This year, Microsoft went all in on open-source and security and launched a plethora of new solutions aimed at bettering the lives of developers working remotely and on-premises. Microsoft launched its flagship Visual Studio 2022 and .NET 6 in November. .NET 6 is a follow-up to the notable .NET 5, which merged .NET Framework and … continue reading

2021 Year in Review: Security

2021 was a tumultuous time for security, marking both massive breaches — a trend that sped up during the pandemic — and widespread action for trying to fix the problem.  On May 7, 2021, the Colonial Pipeline, an American oil pipeline system, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. In response, … continue reading

Solving the challenges of shifting security left

Amidst the “Shift Left and Extend Right” security trend, developers find themselves needing to implement more robust security practices into their processes. Idan Plotnik, co-founder and CEO of Apiiro, provider of an application risk management platform, discussed the ways in which developers can mitigate critical security risks in order to better protect themselves and their … continue reading

Checkmarx KICS now integrated into GitLab 14.5

Checkmarx’s open-source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool. KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data and services to attack. Users of Ansible, AWS CloudFormation, K8S or Terraform can … continue reading

Veracode launches scanning tool to find API vulnerabilities

Veracode launched an advanced scanning tool that enables organizations to find and fix vulnerabilities in APIs.  The new capability leverages Veracode’s Dynamic Analysis (DAST) scanning engine to provide comprehensive security insights and remediation guidance for APIs. “The explosion of APIs means that application development is becoming more fragmented and decentralized in nature, so the attack … continue reading

Securing cloud-native applications

Cloud-native development has become the de facto way that companies make new apps due to its speed and cost savings. While it has opened up the world of Kubernetes, containers, and serverless to most organizations, they still need to grapple with certain complexities and security concerns that this style of development brings.  Concerning the use … continue reading

How these vendors help companies with cloud-native security

We asked these tool providers to share more information on how their solutions help companies secure cloud-native applications. Their responses are below. Rani Osnat, VP strategy and product marketing at Aqua Security From day one, we started out focusing on containers, because that was the big technology that was pushed in the earlier days with … continue reading

Changing developers’ approach in Generation DevSecOps

The various trends around software development: small team sizes, faster velocity and the styles of building software are here to stay and organizations will need a new way in which to train their developers.  This is according to Pete Chestna, CISO of North America at Checkmarx, in the SD Times Live! on-demand webinar “Cloud Engineering … continue reading

Android team reveals several new security updates and initiatives

The Android development team today shared a number of new features and updates that are designed to help users balance their needs and achieve mobility goals with Android Enterprise. A few notable highlights include the launch of the first Android Enterprise Vulnerability Rewards Program, embracing the use of Custom Tabs for developers to integrate authentication … continue reading

SD Times Open-Source Project of the Week: ThreatMapper

ThreatMapper is a cloud-native security observability platform that scans, maps, and ranks vulnerabilities from development through production across serverless, Kubernetes, container, and multi-cloud environments. This Wednesday, it was open-sourced by Deepfence under the Apache 2.0 license. “By open sourcing ThreatMapper, we aim to help developers, DevOps, DevSecOps, and security teams identify and prioritize threats quickly … continue reading
