Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.
Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.
OX Security is shifting security as far left as it can go with the launch of VibeSec, which it says can stop insecure AI-generated code before the code even gets generated. It does this by embedding dynamic security context into the coding model so that it doesn’t suggest code that contains security issues. “VibeSec doesn’t …
Chainguard, a company that provides a repository of trusted container images, has announced the launch of a new collection of trusted builds for JavaScript dependencies. According to Chainguard, recent attacks against the JavaScript package manager npm have underscored the need for more secure mechanisms to consume JavaScript libraries. The company says that public registries do …
In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will enable stronger security. The attack on the npm ecosystem was caused by a worm, named Shai-Hulud, that infects and republishes other packages with its malware to spread it across the npm ecosystem. “By …
Digital.ai has created a new product that will make white-box cryptography accessible to all developers, not just cryptography experts. White-box cryptography is a technique that adds cryptographic protections directly into application code, making it hard for attackers to obtain secret information, like cryptographic keys. Digital.ai’s White-box Cryptography Agent provides access to a white-box cryptography library …
Android will soon require app developers to go through an identity verification process before their apps can be installed on users’ devices, regardless of whether the apps are downloaded through the Play Store or sideloaded. “Think of it like an ID check at the airport, which confirms a traveler’s identity but is separate from the security …
Tenable is updating its Vulnerability Priority Rating (VPR) method of scoring vulnerabilities to enable organizations to focus their efforts on the most critical and impactful vulnerabilities. According to the company, Common Vulnerability Scoring System (CVSS), which is used by the CVE database, flags 60% of vulnerabilities as high or critical. When Tenable VPR was launched …
Google is hoping to improve public trust in open source projects with the launch of a new open source project called OSS Rebuild that reproduces upstream artifacts and compares the new package with the original artifact. According to Google, this process enables customers to verify a package’s origin, understand and repeat its build process, and …
Azul has announced an update to its Vulnerability Detection solution that promises to reduce false positives in Java vulnerability detection by up to 99% by only flagging vulnerabilities in code paths that are actually used. According to Azul, typical scanners scan JAR files for components by name, rather than what the JVM actually loads. Erik …
Earlier this month, the Certification Authority (CA)/Browser Forum voted to significantly shorten the lifetime of TLS certificates: from 398 days currently to 47 days by March 15, 2029. The CA/Browser Forum is a collective of certificate issuers, browsers, and other applications that use certificates, and they’ve long been discussing the potential for shorter certificate lifetimes. As …
Harness has announced a new offering to help developers secure their cloud-native applications and APIs, the first major update to feature Traceable’s technology since the companies merged earlier this year. Traceable Cloud Web Application and API Protection (WAAP) provides web application protection, API security, bot mitigation, and DDoS defense. According to Sudhir Patamsetti, senior director …
Snyk has announced a new dynamic application security testing (DAST) solution designed specifically for AI-powered software development. Snyk API & Web allows developers to test the security of all of their APIs and web apps, regardless of whether the code was written by a developer or AI. It also provides detailed recommendations on how to …
Symbiotic Security is releasing a new tool that will enable automatic detection and remediation of vulnerabilities in code. Embedded directly into a developer’s IDE, Symbiotic Security Version 1 utilizes an AI model that was trained on a “proprietary, security-specific, and verified dataset.” In addition to detecting and remediating issues, it also features a built-in chatbot …