Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.

 

Snyk announces updates to its Developer Security Platform

Snyk announced many innovations that extend the scope of the company’s Developer Security Platform during its SnykLaunch Fall 2022 event. This includes the general availability of Snyk Cloud, which offers tools to help fix software vulnerabilities such as a vulnerability scanner and a patch management system that was launched in July 2022 with limited availability.  … continue reading

SD Times Open-Source Project of the Week: KataOS

Google announced that it open-sourced several components for its secure operating system called KataOS as part of an effort to build verifiably secure systems for embedded hardware.  Google Research aims to solve this problem by providing a secure platform optimized for embedded devices running ML applications.  SeL4 is the microkernel for the project because it … continue reading

Datadog introduces new continuous testing platform

The team at the monitoring and security platform for cloud applications, Datadog, has announced the general availability of Datadog Continuous Testing. This helps developers and quality engineers create, manage, and run end-to-end tests for their web applications. This release is intended to simplify test creation in order to speed up software release cycles by providing … continue reading

Google announces support for passkeys on Android and Chrome

Google has announced that it will be supporting passkeys on Android and Chrome. Passkeys are an authentication method that offers an alternative to passwords, and the technology was announced by Apple over the summer at its WWDC conference. For users, using a passkey is similar to confirming the use of a saved password by scanning … continue reading

Endor Labs has launched to help companies manage dependencies

Endor Labs has officially come out of stealth, launching the company with a Dependency Lifecycle Management Platform that is intended to help development and security teams maximize software reuse by evaluating, maintaining, and updating dependencies.  The Endor Labs platform helps organizations manage their dependencies by offering them a deeper understanding of how they are being … continue reading

NSA’s and CISA’s recent security guidance: The good and the bad

The NSA and CISA released the guide “Securing the Software Supply Chain: Recommended Practices Guide for Developers” last month and while David Wheeler, the director of open-source supply chain security at the Linux Foundation and OpenSS, welcomes it, he said there are some questionable requirements.  The guide covers aspects of security such as how to … continue reading

LightBeam.ai introduces new free module for complying with data privacy requirements

The data security and privacy automation company LightBeam.ai today announced a new, free PrivacyOps Pro module in order to help organizations of varying sizes and industries meet specific requirements of international, national, and state data privacy laws.   While new data privacy regulations are a step in the right direction for user safety, the disparate nature … continue reading

Veracode expands platform to support container security

Application security company Veracode has announced that its Continuous Software Security Platform now supports container security.  According to Veracode, containers suffer from a lot of the same issues as traditional physical or virtual server hardware. This includes things like poorly managed secrets and security misconfigurations, both of which are addressed by Veracode’s solution.  Veracode also … continue reading

Low code doesn’t necessarily mean low security risks

Low-code has many benefits, and they’ve been widely discussed in a number of articles here on SD Times, but one area in which they don’t really have an edge is security.  It’s not that low code is more risky than traditional code, but the same risks are there, Jeff Williams, co-founder and CTO of Contrast … continue reading

Contrast Security introduces new security testing tools for JavaScript frameworks

Contrast Security, the code security company, today announced the expansion of its Secure Code Platform’s static application security testing capabilities to include JavaScript language support as well as support for Angular, React, and jQuery frameworks. With this, developers are enabled to quickly find and repair security defects in their client-side code.  The addition of Contrast … continue reading

Ox Security emerges from stealth with $34M to provide end-to-end software supply chain security

Tel Aviv, Israel, September 29, 2022 — Ox Security, the end-to-end software supply chain security platform for DevSecOps, exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft’s venture fund, with participation from Rain Capital. OX was founded less than a year ago by Neatsun Ziv and Lior Arzi, … continue reading

CloudBees acquires ReleaseIQ to expand DevSecOps offerings

CloudBees acquired the ReleaseIQ DevOps Platform to expand the company’s DevSecOps capabilities and to empower customers with a low-code, end-to-end release orchestration and visibility solution.  The SaaS offering enables DevOps organizations to compose and analyze workflows, and also orchestrate a combination of CI/CD technologies including Jenkins without the need to migrate or replace.  “The decision … continue reading

1 2 3 64
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!