Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.
Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.
Attackers are increasingly targeting open source projects, seeking to exploit holes in software that millions of organizations rely on as the foundation of their technology stacks. The staggering 280% year-over-year increase in software supply chain attacks in 2023 serves as a stark warning: open source projects and their leadership must elevate security to their highest …
The number of security challenges companies are facing continues to grow, but organizations are beginning to display signs of “AppSec exhaustion,” or decreased engagement in security practices. This is according to Snyk’s new State of Open Source report, which found that dependency tracking and code ship frequency have remained largely unchanged since last year. There …
MITRE recently released its yearly list of the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This list differs from lists of the most common vulnerabilities: it is not a list of vulnerabilities, but of weaknesses in system design that can lead to exploitable vulnerabilities. “By definition, code injection is an attack, …
While one might anticipate that the more complex an application is, the more likely it is to have security vulnerabilities, a recent analysis from Black Duck found the opposite to be true. Its 2024 Software Vulnerability Snapshot report analyzed data from 200,000 dynamic application security testing scans for 1,300 applications across 19 different industry sectors. …
Several high profile software supply chain security incidents over the last few years have put more of a spotlight on the need to have visibility into the software supply chain. However, it seems as though those efforts may not be leading to the desired outcomes, as a new survey found that only one out of …
One of Google’s security research initiatives, Project Zero, has successfully managed to detect a zero-day memory safety vulnerability using LLM-assisted detection. “We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software,” the team wrote in a post. Project Zero is …
The Open Source Security Foundation (OpenSSF) is updating its Developing Secure Software (LFD121) course with new interactive learning labs that provide developers with more hands-on learning opportunities. LFD121 is a free course offered by OpenSSF that takes about 14-18 hours to complete. Any student who passes the final exam gets a certificate that is valid …
Microsoft is making it easier to use passkeys on Windows 11 by introducing a way for third-party passkey providers to integrate with Windows’ passkey system, improving the user experience for creating and using passkeys, and adding the ability to sync passkeys across multiple Windows 11 devices. Passkeys are a safer alternative to passwords where users …
Paid open source maintainers do significantly more security and maintenance work than unpaid maintainers, yet 60% of all maintainers remain unpaid, according to the 2024 State of Open Maintainer report from Tidelift. “The health and security of our global software infrastructure depends on open source maintainers,” Donald Fischer, co-founder and CEO, Tidelift, said in an announcement …
At its annual user conference, swampUp, the DevOps company JFrog announced new solutions and integrations with companies like GitHub and NVIDIA to enable developers to improve their DevSecOps capabilities and bring LLMs to production quickly and safely. JFrog Runtime is a new security solution that enables developers to discover vulnerabilities in runtime environments. It monitors …
GitHub is rolling out a new feature to not only help developers find vulnerabilities, but fix them quickly. Copilot Autofix in GitHub Advanced Security (GHAS) analyzes vulnerabilities, explains their importance, and offers suggestions on how to remediate them. “For developers who aren’t necessarily security experts, Copilot Autofix is like having the expertise of your security …
Every year, Forrester puts together a list of 10 emerging technologies to watch. This year’s list was released in June, and in the most recent episode of our podcast, What the Dev?, we were able to sit down with Brian Hopkins, VP of Emerging Tech Portfolio at Forrester, about the list. Here is an edited …