Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.
Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.
Veracode launched an advanced scanning tool that enables organizations to find and fix vulnerabilities in APIs. The new capability leverages Veracode’s Dynamic Analysis (DAST) scanning engine to provide comprehensive security insights and remediation guidance for APIs. “The explosion of APIs means that application development is becoming more fragmented and decentralized in nature, so the attack … continue reading
Cloud-native development has become the de facto way that companies make new apps due to its speed and cost savings. While it has opened up the world of Kubernetes, containers, and serverless to most organizations, they still need to grapple with certain complexities and security concerns that this style of development brings. Concerning the use … continue reading
We asked these tool providers to share more information on how their solutions help companies secure cloud-native applications. Their responses are below. Rani Osnat, VP strategy and product marketing at Aqua Security From day one, we started out focusing on containers, because that was the big technology that was pushed in the earlier days with … continue reading
The various trends around software development: small team sizes, faster velocity and the styles of building software are here to stay and organizations will need a new way in which to train their developers. This is according to Pete Chestna, CISO of North America at Checkmarx, in the SD Times Live! on-demand webinar “Cloud Engineering … continue reading
The Android development team today shared a number of new features and updates that are designed to help users balance their needs and achieve mobility goals with Android Enterprise. A few notable highlights include the launch of the first Android Enterprise Vulnerability Rewards Program, embracing the use of Custom Tabs for developers to integrate authentication … continue reading
Threatmapper is a cloud-native security observability platform that scans, maps, and ranks vulnerabilities from development through production across serverless, Kubernetes, container, and multi-cloud environments. This Wednesday, it was open-sourced by Deepfence under the Apache 2.0 license. “By open sourcing ThreatMapper, we aim to help developers, DevOps, DevSecOps, and security teams identify and prioritize threats quickly … continue reading
Just over half of developers feel that security policies stifle their innovation and only about a third of developers reported that they are thoroughly educated on the security procedures they are expected to execute, according to a new report by VMware and Forrester. Forrester conducted a VMware-commissioned survey called “Bridging the Developer and Security Divide” … continue reading
New data shows a direct correlation between resignations, departing employees, and data exposure events. This is of particular interest to organizations currently as companies experience what’s been called “the Great Resignation.” As employees leave their companies, they oftentimes — intentionally or otherwise — take valuable source code, patent applications, and customer lists with them. Code42, … continue reading
Microsoft today announced that users of Outlook, OneDrive, Family Safety, and more can now opt out of using passwords and choose alternative authentication methods, predicting that “the future is passwordless.” This comes after the company announced that passwordless sign-in was generally available for commercial users, bringing the feature to enterprise organizations around the world. Some of the … continue reading
Snyk announced that it closed a $530 million Series F investment, which now totals the company’s funding to-date to $8.5 billion. “This new investment, together with the rapid adoption of our platform and growing customer base, validates our developer security vision,” said Peter McKay, CEO of Snyk. “When security starts with the world’s expanding pool … continue reading
The latest edition of the OWASP Top 10 showed that all of the highest-priority vulnerabilities since 2017 have shifted and new ones have been introduced. Broken Access Control has dethroned Injection as the top vulnerability, whereas it previously held fifth place. The 34 Common Weakness Enumerations (CWEs) mapped to Broken Access Control had more occurrences … continue reading