Software Security Guide

Securing an application is as important as building it in the first place. As data becomes more valuable, more people want to steal it and use it for their own gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, network firewalls were an effective way of denying hackers access. The explosion of the Internet led to web applications, where the browser is the entry point: requests arrive over the same ports the firewall must leave open, so the application code itself, not just the network perimeter, became the target.

Further, the increased speed of feature delivery stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the growing use of open-source software, that challenge has only become more difficult. Hackers now have more attack surface to target than ever before. The articles collected here cover the threats organizations face, and the tools and practices that address them, as they work to secure their applications, data and systems.

IT and developers must work together to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. Automating security checks in that pipeline helps organizations stay one step ahead.

OpenSSF updates its Developing Secure Software course with new interactive labs

The Open Source Security Foundation (OpenSSF) is updating its Developing Secure Software (LFD121) course with new interactive learning labs that provide developers with more hands-on learning opportunities. LFD121 is a free course offered by OpenSSF that takes about 14-18 hours to complete. Any student who passes the final exam gets a certificate that is valid …

Microsoft makes improvements to the passkey experience on Windows 11

Microsoft is making it easier to use passkeys on Windows 11 by introducing a way for third-party passkey providers to integrate with Windows’ passkey system, improving the user experience for creating and using passkeys, and adding the ability to sync passkeys across multiple Windows 11 devices. Passkeys are a safer alternative to passwords where users …

The state of open source maintainers

Paid open source maintainers do significantly more security and maintenance work than unpaid maintainers, yet 60% of all maintainers remain unpaid, according to the 2024 State of the Open Source Maintainer report from Tidelift. “The health and security of our global software infrastructure depends on open source maintainers,” Donald Fischer, co-founder and CEO, Tidelift, said in an announcement …

JFrog helps developers improve DevSecOps with new solutions and integrations

At its annual user conference, swampUp, the DevOps company JFrog announced new solutions and integrations with companies like GitHub and NVIDIA to enable developers to improve their DevSecOps capabilities and bring LLMs to production quickly and safely. JFrog Runtime is a new security solution that enables developers to discover vulnerabilities in runtime environments. It monitors …

GitHub’s Copilot Autofix generates remediation fixes for code vulnerabilities

GitHub is rolling out a new feature to not only help developers find vulnerabilities, but fix them quickly. Copilot Autofix in GitHub Advanced Security (GHAS) analyzes vulnerabilities, explains their importance, and offers suggestions on how to remediate them. “For developers who aren’t necessarily security experts, Copilot Autofix is like having the expertise of your security …

Q&A: 10 emerging technologies to watch in 2024

Every year, Forrester puts together a list of 10 emerging technologies to watch. This year’s list was released in June, and in the most recent episode of our podcast, What the Dev?, we were able to sit down with Brian Hopkins, VP of Emerging Tech Portfolio at Forrester, about the list. Here is an edited …

Google launches new knowledge base for remediating vulnerabilities in Android apps

In an effort to reduce the number of vulnerabilities in Android apps, Google is introducing the Android Application Security Knowledge Base (AAKB). The AAKB includes a database of common code issues, complete with examples on how to remediate them and explanations on how to implement specific code patterns. Google already does scan Android apps for …

CAST simplifies SBOM creation with new free tool

The software intelligence company CAST is trying to make it easier for development teams to create and manage Software Bills of Materials (SBOMs) with the launch of the CAST SBOM Manager. This new free tool automates the process of creating SBOMs. Developers give the SBOM Manager access to their code repositories and it will create …
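As an added example (not CAST's SBOM Manager or any project's own code, and not from the article), this is what automated SBOM creation boils down to for one ecosystem: read the repository's pinned dependency manifest and emit a CycloneDX 1.5 document with a package URL (purl) and, where available, a content hash per component. The requirements file is constructed for the example, and the application name and version are placeholders; the script also reports requirements that are not exactly pinned, since an SBOM cannot record a version range.

```python
"""Generate a minimal CycloneDX 1.5 JSON SBOM from a pinned Python requirements file.

Added example: a hand-rolled generator to show what an SBOM tool records,
not CAST's SBOM Manager or any project's own code.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample manifest for the example (not from a real repository).
SAMPLE_REQUIREMENTS = """\
# pinned runtime dependencies
requests==2.32.3
urllib3==2.2.2 ; python_version >= "3.8"
cryptography==43.0.1 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
Flask>=3.0        # not pinned: an SBOM cannot record this exactly
"""

# name==version, with the version ending at whitespace, an environment
# marker (;), a line continuation (\) or a comment (#)
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;\\#]+)")
HASH_RE = re.compile(r"--hash=([a-z0-9]+):([0-9a-f]+)")


def parse_pins(text):
    """Split a requirements file into exactly pinned entries and everything else.

    Returns (pinned, unpinned); each pinned entry is a dict with name, version
    and any pip --hash values, normalised to CycloneDX's hash representation.
    """
    pinned, unpinned = [], []
    logical_lines = text.replace("\\\n", " ").splitlines()  # join continuations
    for line in logical_lines:
        stripped = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not stripped:
            continue
        m = PIN_RE.match(stripped)
        if not m:
            unpinned.append(stripped.split()[0])
            continue
        name = m.group(1).lower().replace("_", "-")  # PyPI-style name normalisation
        hashes = [
            {"alg": alg.upper().replace("SHA", "SHA-"), "content": digest}
            for alg, digest in HASH_RE.findall(stripped)
        ]
        pinned.append({"name": name, "version": m.group(2), "hashes": hashes})
    return pinned, unpinned


def build_sbom(text, app_name="example-app", app_version="1.0.0"):
    """Return (sbom_dict, unpinned_requirements) for a requirements file."""
    pinned, unpinned = parse_pins(text)
    components = []
    for p in pinned:
        purl = f"pkg:pypi/{p['name']}@{p['version']}"  # stable identifier for matching
        component = {"type": "library", "bom-ref": purl, "name": p["name"],
                     "version": p["version"], "purl": purl}
        if p["hashes"]:
            component["hashes"] = p["hashes"]
        components.append(component)
    sbom = {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "component": {"type": "application", "bom-ref": app_name,
                          "name": app_name, "version": app_version},
        },
        "components": components,
        # direct-dependency graph: the application depends on every pinned library
        "dependencies": [{"ref": app_name,
                          "dependsOn": [c["bom-ref"] for c in components]}],
    }
    return sbom, unpinned


def purls(sbom):
    """Package URLs listed in an SBOM; consumers match these against advisories."""
    return [c["purl"] for c in sbom["components"]]


if __name__ == "__main__":
    bom, unpinned = build_sbom(SAMPLE_REQUIREMENTS)
    print(json.dumps(bom, indent=2))
    for req in unpinned:
        print(f"warning: {req} is not pinned; the SBOM cannot record an exact version")
```

The purl is the field downstream tooling keys on when matching an SBOM against vulnerability data, which is why the generator uses it as the `bom-ref` as well; the `--hash` values let a consumer check that the artifact actually deployed is the one the SBOM describes.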

Coalition for Secure AI forms to address security risks of AI

A number of companies have announced the formation of the Coalition for Secure AI (CoSAI), a group dedicated to addressing the security risks related to using AI. CoSAI was founded by Amazon, Anthropic, Chainguard, Cisco, Cohere, GenLab, Google, IBM, Intel, Microsoft, NVIDIA, OpenAI, PayPal and Wiz. It will be hosted at the standards body OASIS …

Report: Execs and devs have different perceptions around supply chain security, AI use

While the occurrence of software supply chain attacks keeps getting worse every year, there appears to be a disconnect among leaders on the importance of securing those supply chains. According to research from IDC, there has been a 241% increase year-over-year in supply chain attacks, but a new survey from JFrog had only 30% …

OpenText Fortify Aviator integrates SAST more closely into developer workflows

OpenText is releasing a new static application security testing (SAST) tool called Fortify Aviator designed to change the way developers manage application security. Fortify Aviator uses AI to provide intelligent code fix suggestions based on analysis of the existing codebase, which significantly reduces the time developers need to spend on remediating issues. According to the …

Companies still need to work on security fundamentals to win in the supply chain security fight

Though this is technically a “Buyer’s Guide” by SD Times terminology, let’s preface this article by remembering that buying a piece of software isn’t the key to fixing all security issues. If there was some magical security solution that could be installed to instantly fix all security problems, we wouldn’t be seeing a year-over-year increase …
