As the pace and complexity of software development increase, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense, because defects, including security defects, can often be addressed faster and …
When creating, testing, and deploying software, many development companies now use proprietary software and open source software (OSS). Proprietary software, also known as closed-source or non-free software, includes applications for which the publisher or another person reserves licensing rights to modify, use, or share modifications. Examples include Adobe Flash Player, Adobe Photoshop, macOS, Microsoft …
As many organizations bolster their security measures, hackers have shifted their focus to smaller and more concentrated attacks, according to Daniel Fonseca, senior solutions engineer at Kiuwan, in the webinar “Preventing common vulnerabilities with Kiuwan’s SAST, SCA, and QA tools.” The National Vulnerability Database (NVD) said there were over 20,000 security vulnerabilities CVE …
Doing testing early and doing it often is essential in modern software development because it emphasizes the need to integrate software security testing throughout the SDLC. With the evolution of DevSecOps, where speed is vital to software deployment and delivery, it’s important to achieve continuous software assurance to give developers and organizations the confidence that …
Today the developer security company Snyk introduced new product innovations, DigitalOcean and HashiCorp partnerships, and launched Snyk Learn as part of SnykCon 2021. Snyk Code, which offers a dev-first approach to static application security testing tooling, just received support for C#, Ruby, PHP and Go, in addition to Java, JavaScript, and Python. Also, Snyk Open Source …
The short answer is never. There, I just saved you enough time that you can go and do the right thing and run SAST and DAST and work on hardening your code, instead of trying to test security into your application. Look, every time a new technology, process, or technique comes along there are some …
A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary …
XebiaLabs has launched a new security and risk assessment solution for enterprises. The new solution features enhanced chain of custody reporting, a new security risk dashboard for software releases, and new at-a-glance compliance overviews. According to the company, this will help organizations track app release status and understand security better. “To effectively manage software delivery …
Google has announced new changes to the WearOS by Google developer preview. According to the company, battery life has been a major focus area. After reviewing developer feedback, the company found users were unhappy with the disabling of alarms and jobs for background apps. As a result, Google is reversing the change and will be …
Does the DevSecOps approach make a difference when it comes to improving application security? According to this year’s 12th annual WhiteHat Security “Application Security Statistics Report,” it certainly does. This year’s WhiteHat report includes a case study that details a large health organization’s successful implementation of a DevSecOps approach. According to the study, critical vulnerabilities …