Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.

Report: BSIMM10 shows new wave of engineering-led software security in DevOps

The security aspect of DevOps is evolving, as new data shows a wave of engineering-led software security efforts originating bottom-up in the development and operations teams rather than top-down from a centralized software security group (SSG). Software security initiatives (SSIs) have identified a number of individuals (often developers, testers, and architects) who are invested … continue reading

Code analysis tool Semmle joins GitHub

The code analysis platform provider Semmle wants to expand its reach with the announcement that it is joining GitHub. Together, the companies will work on addressing a big issue in open-source software: security.  RELATED CONTENT: Going to school on open-source security “Software security is a community effort; no single company can find every vulnerability or … continue reading

SD Times Open-Source Project of the Week: Token4Hope

This week’s open-source project of the week is Token4Hope, a charity project powered by the DCore blockchain intended to draw transparency and security to charitable contributions.  “When we realized that often charitable donations lack transparency and people would donate substantially more if they knew where exactly their funds go, we decided to propose our version … continue reading

SD Times news digest: Visual Studio Code 1.38, CircleCI’s security incident, and Google introduces differential privacy controls

Microsoft announced the August 2019 release of Visual Studio Code 1.38, adding updates as well as new features.  Some of the key highlights include the ability to keep letter casing across multi-file search/replace; to check min, max, enum values and glob patterns; quick navigation features; and links to MDN documentation directly from IntelliSense.  The full … continue reading

A managed open-source approach can improve the health of your open-source supply chain

The rise in attacks against the software supply chain is one outgrowth of vulnerabilities in open-source code that go unnoticed and therefore unpatched, a problem that has escalated despite the best efforts of enterprise development teams. As many recent high-profile breaches have underscored, it takes little for an overlooked patch to wreak havoc.  Even those … continue reading

Companies are making up for lack of cybersecurity professionals by investing in their developers

The search for good cybersecurity talent is a struggle facing companies across the industry — a problem that is only likely to get worse over the next few years. According to a report from CNBC in March, there are nearly 3 million open positions globally for security professionals. The hiring shortage is expected to grow … continue reading

Industry leaders launch data security consortium

As computing moves from on-premises to the public cloud and the edge, protecting data has become more complex, prompting Intel, Google, Microsoft, the Linux Foundation and other technology partners to launch a cross-industry effort for organizations to safely share data insights through the Confidential Computing Consortium. RELATED CONTENT: Microsoft tackles data sharing between organizations “The … continue reading

SD Times news digest: Amazon Forecast now available, GitHub supports WebAuthn for security keys, and Qt for MCUs

AWS announced the general availability of Amazon Forecast, which enables developers to build applications with the same machine learning technology used by Amazon.com for forecasting business conditions.  According to the company, Amazon Forecast automatically discovers how variables such as product features, seasonality and store locations affect each other and can make predictions that are up … continue reading

When does SCA replace SAST or DAST?

The short answer is never. There, I just saved you enough time that you can go and do the right thing and run SAST and DAST and work on hardening your code, instead of trying to test security into your application. Look, every time a new technology, process, or technique comes along there are some … continue reading

Report: Organizations fail to remediate app security vulnerabilities

Software security continues to be a top priority for organizations and development teams, but they are still struggling to address vulnerabilities in their applications. A recently released report revealed that while organizations are beginning to increase their application testing efforts, their remediation rates are falling. The 2019 WhiteHat Application Security Statistics report is based on data … continue reading

Microsoft launches new security lab and raises top bounty for Azure vulnerabilities

Microsoft is boosting its efforts to make Azure more secure with the launch of Azure Security Lab, a set of dedicated cloud hosts for security researchers to test attacks against IaaS scenarios. In addition, the cloud giant is doubling the top bounty reward for Azure vulnerabilities to $40,000. “To make it easier for security researchers … continue reading

SD Times news digest: Azure Security Center for IoT, Armory announces funding for Spinnaker, and CodeStream approved for Slack

Microsoft announced the general availability of the Azure Security Center for IoT to protect the growing number of IoT deployments. According to IDC, IoT deployments will continue to grow at double-digit rates until IoT surpasses $1 trillion in 2022. Azure Security Center provides threat intelligence, creates a list of potential threats and ranks them … continue reading
