Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.

 

SD Times news digest: Electron JS 11.0 released, CodeBot UX is available to early access users, and Build.security emerges from stealth

The new version of Electron JS includes upgrades to Chromium 87, V8 8.7, and Node.js 12.18.3 as well as support for Apple silicon and general improvements. Other improvements include an added V8 crash message and location information to crashReport parameters and improved performance for sending wide objects over the context bridge. Additional details on all … continue reading

Environment-free computing company Gravitational rebrands as Teleport

Gravitational changed its name to Teleport and released the Teleport Unified Access Plane.  “The decision to formally change our name to Teleport supports the natural evolution that our company has followed from the point it was founded – to create software for engineers that allows them to quickly access any resource anywhere,” said Ev Kontsevoy, … continue reading

Exadel announced the release of CompreFace, an open-source facial recognition application

Exadel, a global provider of digital software engineering solutions and services, announced the release of CompreFace, an open-source facial recognition application. CompreFace can be integrated as a standalone service or deployed via the cloud. Its convenient API offers state-of-the-art facial recognition. To get started with CompreFace, visit: (https://github.com/exadel-inc/CompreFace#overview) “Facial recognition technology is being rapidly adopted across … continue reading

SD Times news digest: WhiteSource announces Merge Confidence, Yellowbrick Data 5 released with new price/performance capabilities, Mac BigSur now available

Merge Confidence is a new automated solution that helps developers safely update and remediate their open source dependencies by using a badge to show how likely an open source component can be updated without breaking the build. “Open source components are updated at such a staggering rate, it is impossible to manage this process manually. … continue reading

SD Times news digest: Android Platform to migrate build systems to Bazel, Databricks launches SQL Analytics, and Secure Code Warrior Missions

Android announced that it would migrate all of its current build systems to Bazel.  While components of Bazel have been already checked into the Android Open Source Project (AOSP) source tree, this will be a phased migration over the next few Android releases and will include many concrete and digestible milestones to make the transformation … continue reading

SD Times news digest: WhiteSource launches new vulnerability-based alerts, Rocket Software’s free UniObjects for Python, and Let’s Encrypt warns about compatibility

WhiteSource announced new vulnerability-based alerts designed to speed up and simplify the vulnerability management process. It will provide developers with flexibility when managing alerts as well as providing a more granular view of the issues, according to the company. “The number of known security vulnerabilities has been rising exponentially over the past few years, and … continue reading

SD Times news digest: Apple to require developers to enter app privacy information in App Store Connect, Android’s mobile driving license, and Visual Studio Code 1.51

Apple announced that later this year users will be able to learn about some of the data types that certain apps collect, and whether that data is linked to them or used to track them. Starting on December 8th, developers will be required to submit this information when they add new apps and app updates … continue reading

SD Times news digest: TypeScript 4.1 RC released, Adobe security updates, and LDRA integrates with collaborative developer tool Yocto

TypeScript 4.1 RC was released with new features, new checking flags, editor productivity updates, and speed improvements.  The new string literal types in TypeScript allow users to model functions and APIs that expect a set of specific strings. It has the same syntax as template literal strings in JavaScript, but is used in type positions. … continue reading

Guest View: Use static analysis to secure open source

Sonatype’s 2020 State of the Software Supply Chain Report found that next generation cyber-attacks actively targeting open-source software projects increased 430% over the past 12 months. Industry and the Open Source communities recognize heightened security risks and are working to solve these. For example, in August 2020 the Linux Foundation launched the Open Source … continue reading

IBM releases Code Risk Analyzer to shift security left

IBM has announced the Code Risk Analyzer, a focused effort to bring security and compliance analytics to DevSecOps. The Code Risk Analyzer can be configured to run at the beginning of a developer’s code pipeline and it reviews and analyzes Git repositories for known issues with any open-source code that needs to be managed. It … continue reading

Beware of these creatures lurking in your DevSecOps teams

Halloween is upon us, and while much of the world is focused on scary creatures like ghosts, ghouls, or werewolves, DevSecOps teams have a few scary creatures of their own to deal with.  From the Dracula-like developer stuck in a world from centuries ago who is thwarting the creation of secure apps, to the DevOps … continue reading

SD Times news digest: Tasktop Flow Institute launched, Bugsnag announces new user stability analytics, and Enso raises $6 million for app security

The newly launched Tasktop Flow Institute online community for business leaders offers custom courses and content to gain practical knowledge and skills, as well as better understand value stream management and Tasktop Flow Metrics, according to the company.  “Becoming a software innovator means knowing how to measure what matters across your entire software portfolio,” said … continue reading
