Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.

A guide to DevSecOps tools This article outlines DevSecOps tools, offering a guide to solve your development security challenges The hidden costs of data breaches The average cost of a data breach is $3.86 million globally. The study found the cost of data breaches on a business’ bottom line has been steadily increasing over the past five years. How your security budget helps hackers win When a single breach can cause untold damage to your business, from millions in losses to reputational damage, operational disruption, and lost trust, you want to align your security budget with the actual threats you face.

 

Linux Foundation to improve open-source security with new initiative

The Linux Foundation has announced a new collaboration effort to improve open-source security. The Open Source Security Foundation (OpenSSF) aims to consolidate industry efforts with targeted initiatives and best practices.  According to the Linux Foundation, OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all … continue reading

New open-source reverse engineering tool released to fight against malware

BlackBerry announced new efforts to fight against cybersecurity attacks at this week’s Black Hat USA 2020 conference. The company’s new open-source tool PE Tree is designed to significantly reduce the time and effort required to reverse engineer malware.  According to the company, with the use of PE Tree, reverse engineers can view portable executable (PE) … continue reading

SD Times news digest: OpenTelemetry .NET beta released, Julia 1.5, and Google announces new security features

The OpenTelemetry .NET SDK has reached beta. Developers can now begin integrating the OpenTelemetry .NET SDK into their applications and libraries to capture and export metrics and traces. The beta release also includes instrumentation libraries for ASP.NET, ASP.NET Core, HTTP client, SQL client, and gRPC client. While functional, beta components have not gone through thorough … continue reading

Veracode Security Labs Community Edition launches to close the security gap

Security company Veracode has announced it will be offering a Security Labs Community Edition as a free-to-use alternative to its Enterprise Edition. This new edition will allow developers to hack and patch real applications, allowing them to learn new tactics and best practices in a controlled, safe environment. The company had recently partnered with Enterprise … continue reading

Cloudflare releases new developer serverless solution

Cloudflare has unveiled a new serverless solution to compete with AWS Lambda. The release of Cloudflare Workers Unbound offers a serverless platform for developers to run complicated computing workloads across the Cloudflare network and pay only for what they use. According to the company, the new solution can save users up to 75% for the … continue reading

Apple launches Security Research Device Program

Apple launched the Security Research Device (SRD) Program this week to help improve security for iOS users and to bring more researchers to the iPhone.  It features an iPhone dedicated exclusively to security research, with unique code execution and containment policies. According to Apple, it is not meant for personal use or daily carry, and … continue reading

SD Times news digest: GrammaTech acquires JuliaSoft, Snyk announces prioritization capabilities, and TigerGraph makes updates to GSQL

Software assurance and cybersecurity company GrammaTech announced it will be acquiring code analysis company JuliaSoft. According to GrammaTech, the acquisition will help it expand the reach of the CodeSonar SAST platform to Java and C#. The new language support extends the automated detection of software vulnerabilities to enterprise use cases where safety and security are … continue reading

It’s critical to keep your open-source components up to date and secure

The recently released 2020 Open Source Security and Risk Analysis (OSSRA) report, produced by the Synopsys Cybersecurity Research Center (CyRC), found that of more than 1,250 codebases analyzed in 2019, not only did virtually 100% have some open-source components, but also that an average of 70% of the code was open source, nearly double the … continue reading

SD Times news digest: Applitools’ auto-maintenance AI , Vercel updates edge and dev infrastructure, and new G Suite security features

Applitools added AI auto-maintenance and smart assist to its end-to-end platform.  AI powered smart assist automatically analyzes large batches of test results, often numbering in the hundreds or even thousands of tests. It then removes any redundancies by grouping similar visual and functional regressions together.  “Test maintenance is a painstaking and error-prone task, which is … continue reading

Apache APISIX becomes ASF top-level project

Apache APISIX, the cloud-native API gateway used to handle interface traffic for web, mobile, and IoT applications, just reached Top-Level Project status at the Apache Software Foundation. Apache APISIX is based on Nginx and etcd.  “Thanks to the help of our mentors, contributors and the Apache Incubator, Apache APISIX has now graduated as a Top-Level … continue reading

SD Times news digest: Altova low-code debugger, Auth0 and NS1 funding, and Portshift K8SHIELD framework

Altova announced the release of MobileTogether 7.0, a low code app development framework that introduced a new debugger for testing and troubleshooting app behavior during development in addition to numerous tools for defining controls, actions and UI refinements.  “Developers who are building highly sophisticated apps and solutions need the ability to troubleshoot throughout the development … continue reading

SD Times news digest: Cloud Security Alliance’s pillars of DevSecOps automation, dotData Stream, and Dynatrace announces AI observability for Kubernetes

The Six Pillars of DevSecOps: Automation paper published by the Cloud Security Alliance provides a holistic framework for facilitating security automation within DevSecOps as well as best practices. “It’s vital that today’s DevOps teams be agile, able to address user requirements dynamically, release features incrementally, and deliver at a faster pace than their predecessors and … continue reading

1 2 3 47
© 2020 D2 Emerge LLC.
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!