Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and development teams must work together to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. Automating security checks can help organizations stay one step ahead.


CAST simplifies SBOM creation with new free tool

The software intelligence company CAST is trying to make it easier for development teams to create and manage Software Bills of Materials (SBOMs) with the launch of the CAST SBOM Manager. This new free tool automates the process of creating SBOMs. Developers give the SBOM Manager access to their code repositories and it will create …

Coalition for Secure AI forms to address security risks of AI

A number of companies have announced the formation of the Coalition for Secure AI (CoSAI), a group dedicated to addressing the security risks related to using AI. CoSAI was founded by Amazon, Anthropic, Chainguard, Cisco, Cohere, GenLab, Google, IBM, Intel, Microsoft, NVIDIA, OpenAI, PayPal and Wiz. It will be hosted at the standards body OASIS …

Report: Execs and devs have different perceptions around supply chain security, AI use

While the occurrence of software supply chain attacks just keeps getting worse every year, there appears to be a disconnect among leaders on the importance of securing those supply chains. According to research from IDC, there has been a 241% increase year-over-year in supply chain attacks, but a new survey from JFrog had only 30% …

OpenText Fortify Aviator integrates SAST more closely into developer workflows

OpenText is releasing a new static application security testing (SAST) tool called Fortify Aviator designed to change the way developers manage application security. Fortify Aviator uses AI to provide intelligent code fix suggestions based on analysis of the existing codebase, which significantly reduces the time developers need to spend on remediating issues. According to the …

Companies still need to work on security fundamentals to win in the supply chain security fight

Though this is technically a “Buyer’s Guide” by SD Times terminology, let’s preface this article by remembering that buying a piece of software isn’t the key to fixing all security issues. If there was some magical security solution that could be installed to instantly fix all security problems, we wouldn’t be seeing a year-over-year increase …

A guide to supply chain security tools

The following is a listing of vendors that offer tools to help secure software supply chains, along with a brief description of their offerings. Featured Provider HCLSoftware: HCL AppScan empowers developers, DevOps, and security teams with a suite of technologies to pinpoint application vulnerabilities for quick remediation in every phase of the software development lifecycle. …

CISA report highlights need to transition to memory-safe languages

A new report from CISA, the FBI, the Australian Cyber Security Centre (ACSC), and the Canadian Centre for Cyber Security (CCCS) analyzed 172 critical OpenSSF projects and found that 52% of them contain code written in a memory-unsafe language. The report also found that 55% of the total lines of code for all projects were …

GitHub improves supply chain security with general availability of Artifact Attestations

GitHub is taking a step forward to help companies improve supply chain security with the release of Artifact Attestations. This new feature allows GitHub users to verify the integrity of GitHub Actions artifacts before they choose to deploy them into their Kubernetes cluster. Artifacts in GitHub are files or collections of files that were created …

Backslash updates AppSec solution with new integrations, support for additional languages

AppSec company Backslash Security has announced new capabilities to better detect security issues in applications. Backslash utilizes a number of security scanning capabilities to uncover potential issues, including SCA, SAST, SBOM, VEX, and secrets detection. It now integrates with GitHub Enterprise On-Premise, GitHub Enterprise Server, GitLab On-Premise, and Bitbucket On-Premise. By offering integration into more …

GitLab 17 introduces GitLab Duo Enterprise and new CI/CD catalog

GitLab has announced the latest version of its platform. GitLab 17 introduces new features such as GitLab Duo Enterprise, a new CI/CD catalog, and Native Secrets Manager. GitLab Duo Enterprise is a new AI add-on that builds on the capabilities of GitLab Duo Pro. It can be used to detect and fix security issues, summarize …

GitHub announces new updates to improve supply chain security

GitHub has released two updates designed to help secure software supply chains. The company announced a public beta of Artifact Attestations for GitHub Actions, which makes it easier for companies to verify where software components came from, and announced that Dependabot can now be run as a GitHub Actions workflow. Artifact Attestations allow maintainers of …

OpenText releases new browser extension that verifies if open source libraries meet company security policies

OpenText is releasing a new solution, Open Source Select, designed to help developers find open source libraries that comply with their organization’s security policy. Developers can search for open source libraries and will be shown only the results that they can actually use. According to OpenText, this helps cut down on the time spent looking …
