API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
App security threat report results from Digital Ai
Thursday, October 19, 2023 by Richard Harris
Digital.ai announced the results of its 1st annual Application Security Threat Report, illuminating and quantifying the risks to applications in the wild. The results reveal that 57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) the most likely to be attacked. The study found no correlation between an app’s popularity and likelihood o...
Network-based cybersecurity threat detection SDK launches
Monday, October 16, 2023 by Freeman Lightner
Enea has launched the Enea Qosmos Threat Detection SDK. This revolutionary threat detection system has the potential to double performance in network-based cybersecurity solutions.
The Qosmos Threat Detection SDK enables the integration of Enea's flagship deep packet inspection (DPI) engine, Qosmos ixEngine, with core IDS capabilities drawn from Suricata, the wid...
App security training enhancements by Security Journey
Wednesday, July 19, 2023 by Freeman Lightner
Security Journey announced an acceleration of its secure coding training platform enhancements. Since combining HackEDU and Security Journey training offerings into one Platform, the company has added or refreshed almost 200 lessons and 25 languages, frameworks, and technologies; giving customers even more new training content to improve secure coding knowledge gain of ...
App modernization in 2022
Monday, January 10, 2022 by Brittany Hainzinger
Ajay Patel is the General Manager for VMware’s Modern Applications & Management Business with the mission to be the leader in application modernization, cloud-native application development, and multi-cloud management through VMware Tanzu and vRealize portfolio.
Ajay has over 30 years of enterprise software expertise. Ajay previously served as the Treasurer...
Increase developer productivity in 2022
Sunday, January 9, 2022 by Freeman Lightner
Patrick Jean is the CTO at OutSystems, where he's focused on building a great engineering culture where motivated people are free to unleash their passion doing meaningful work. With more than 20 years of engineering leadership experience, he has led multiple high-stakes, cloud transformation initiatives at SaaS providers, blending customer focus, inspired developme...
Cloud provider trends in 2022
Thursday, January 6, 2022 by Brittany Hainzinger
Amir Rapson co-founded vFunction and serves as its CTO, overseeing technology, product, and engineering. Prior to co-founding vFunction in 2017, Amir was GM and VP R&D at WatchDox until its acquisition by Blackberry, where Amir served as a VP of R&D. Prior to WatchDox, Amir held R&D positions at CTERA Networks and at SofaWare (Acquired by Check Point). Amir ...
Cloud and cyber asset management trends for 2022
Thursday, January 6, 2022 by Richard Harris
Companies have been racing to mature their technologies and pursue digital transformations in the last few years, as a way to gain or maintain competitive advantage and resilience. This has led to an emerging area of focus: cyber asset management. Organizations are now taking inventory of their IT infrastructure and prioritizing more agile cyber asset management process...
Software industry predictions in 2022 from Infragistics
Tuesday, January 4, 2022 by Richard Harris
The Infragistics experts Jason Beres, Tobias Komischke, and Dean Guida share their 2022 software industry predictions about Low-Code/No-Code, App Builders, Big Data/Embedded Analytics, UI/UX Design, Data Catalogs, and Digital Transformations.
“The biggest DevOps trend for 2022 will be low-code no-code tools that save developers time and money. Rather than being...
5G 2022 predictions from EdgeQ
Tuesday, January 4, 2022 by Richard Harris
Vinay Ravuri, CEO at EdgeQ shares his predictions for 2022 about the cloudification of 5G, the death of Moore's law, 5G & AI convergence, and more.
5G will become an essential utility and assumed “natural resource” of infrastructure. Supplying the digital “pipeline” and harnessing data currency will become a focal point of national sec...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
Promon partners with F5 to simplify mobile SDK integration
Wednesday, October 27, 2021 by Christian Hargrave
Promon, the Oslo-based app security company announced its partnership with F5, the multi-cloud application security and delivery company. This partnership now enables F5's customers to seamlessly implement the F5 Bot Defense Mobile SDK. The solution provides developers with the necessary tools to protect their applications from bot attacks utilizing Promon'...
Compliance automation will take center stage this year
Wednesday, May 26, 2021 by Richard Harris
Compliance automation uses artificial intelligence features and technology to make compliance procedures easier - according to most sources on the web, about the meaning of compliance automation.
Progress Software CEO Yogesh Gupta says with smart companies turning to a compliance-as-code approach to keep infrastructure, apps, and end-user devices secure and com...
DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
API sprawl security concern predictions of 2021 from Volterra
Wednesday, January 6, 2021 by Freeman Lightner
As organizations continue to digitally transform business processes, they are increasingly transitioning from legacy applications to modern, cloud-native apps.
These intricate modern apps feature far more APIs than their predecessors including API sprawl.
Since these apps are built with extensive microservices, many of these APIs are deeply embedded and hidden. Th...
How to avoid mobile phone apps from leaking your personal data
Wednesday, November 18, 2020 by Brittany Hainzinger
Most people have dozens of mobile phone apps installed on their phone, tablet, or even their smartwatch. In fact, the average person has about 60 to 90 mobile phone apps on their phone. Out of all those apps, many of them could be leaking your personal data. How can you protect yourself? One of the primary ways is by installing a VPN, but there are other ways, too. Here...
Political app vulnerabilities raise concern
Thursday, October 22, 2020 by Doug Dooley
With election season upon us, the US population is being inundated by candidate and proposition propaganda from a variety of sources – including television, the US mail, and mobile device apps. As annoying as this flood of information is at times, it’s important to understand that when it comes to these popular apps, and in fact all apps, if certain security...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...
Ethics standards and security protocols app developers should follow
Monday, September 30, 2019 by Richard Harris
Consumers put a lot of trust in app developers. Sacrificing data for convenience isn't a new concept - FaceApp is only the most recent example of the low bar set for allowing our private data into the hands of any company that pushes out an app. Yet, even after so many breaches and all-encompassing terms of use, why aren't more developers doing more to advocate ...
Enterprise grade low code platform arrives from Kony
Thursday, March 14, 2019 by Richard Harris
Kony Inc has a lot to talk about these days. Along with recently being named a leader in The Forrester Wave: Low-Code Development Platforms for AD&D Professionals, Q1 2019, they also sent notice to us that they launched Kony Quantum, a new brand with enhanced capabilities for its next-generation low-code app development platform that aims to deliver rich digita...
Join us for a free mobile app security threats webinar on Tuesday
Friday, December 7, 2018 by Richard Harris
In 2016, a record 3 billion Yahoo accounts were hacked, and Uber reported that hackers stole the information of over 57 million accounts. Then in 2017, 412 million user accounts were taken from Friendfinder’s sites, and 147.9 million consumers were affected by the Equifax Breach. In 2018, Under Armor said that that it's My Fitness Pal app was hacked, affecting...
Play Android games on your PC with this new Android emulator
Tuesday, November 20, 2018 by Richard Harris
It can be a frustrating thing to finally get so deeply engrossed in a game, only to have your experience marred by a small screen or a sudden drop in battery life. With just an installation, a few short steps and account creation, you’ll be able to play your favorite games on an Android emulator that will give you an even better experience than on your phone.
N...
Container security considerations for developers
Monday, October 29, 2018 by Richard Harris
On the path to a secure digital business, secure service containers bring the best of agility and security to development teams – a growing concern for companies from startups to the Fortune 500. By moving the security concern out of the application layer into an encompassing container platform, one provides a very elegant solution to significantly reduced attack ...
Fortnite for Android is a trailblazing risk for mobile banking
Tuesday, August 14, 2018 by Sam Bakken
CEO Tim Sweeny of Epic Games, the publisher of the wildly popular Fortnite game, is on a mission to “advance the openness of all platforms” - not to mention side-step Google’s 30% take of developer proceeds - by distributing Fortnite for the Android platform via their website rather than the Google Play store. I applaud a maverick challenging the statu...
Avoid mobile cybersecurity threats by checking the source
Thursday, July 5, 2018 by Sam Bakken
Earlier this month IT news organizations around the globe reported that Epic Games’ popular Fortnite game was being counterfeited and malicious actors were, in fact, lacing the imposter apps with malware.
We’re only human, and people unwittingly let their guard down in anticipation of something they're passionate about, or when they think they might b...
Why developers run away from security updates
Monday, April 16, 2018 by Richard Harris
Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...
The battle of biometric security coming in 2018
Friday, November 3, 2017 by Kevin Tussy
Fingerprint sensors first appeared in smart devices in 2007 and then gained momentum as a 4-digit PIN code replacement in 2013's Apple iPhone 5S. Hailed as the future of authentication by some, fingerprint's security weaknesses were quickly exposed by the children of sleepy dads, cats' paws and gummy bears. Still, the lure of convenience today and the promise of securit...
Cloud security platform Capsule8 raises $6M
Thursday, September 28, 2017 by Christian Hargrave
Capsule8 has announced it has completed a $6 million round of funding. This round brings total funding to more than $8.5 million for the security provider, which recently announced the beta version of Capsule8 Protect that is being deployed by some of the biggest companies on Wall Street and in Silicon Valley. Capsule8 will use its latest round of funding to further dev...
Stop the menace of Android rooting malware attacks with RASP
Monday, September 25, 2017 by Frederik Mennes
One of the key security issues facing organizations that support Android devices is the risk of rooting malware. A number of malware families on the Android mobile OS attempt to obtain root access once installed because the elevated privileges gained come in handy to perform malicious activities.
What you need to know about Tordow v2.0 and Pegasus
The To...
Tips for securing container deployments
Friday, September 1, 2017 by Richard Harris
Container deployments are still susceptible to the regular threats that other types of deployments are - including DDoS and cross-site scripting attacks. In fact, hackers often take advantage of compromised containers to scan sensitive data, download malware, or privilegeunauthorized access to any of your containers, hosts or data centers.Fei Huang is the CEO of NeuVect...
NoSQL databases can now use Hackolade's CLI
Tuesday, August 8, 2017 by Richard Harris
With GDPR quickly approaching, Hackolade has announced its Command Line Interface (CLI) to help companies with the pending GDPR (General Data Protection Regulation) regulatory compliance (scheduled for May 25, 2018), along with overall corporate data governance needs. The CLI is currently available for the following NoSQL databases: MongoDB, Couchbase, DynamoDB, and Azu...
Checkmarx acquired Codebashing
Tuesday, July 25, 2017 by Christian Hargrave
Checkmarx has acquired Codebashing, an application security education company that delivers Game-like AppSec Training for Developers.Traditional secure coding education is ineffective and cannot scale to deliver continuous and across the board secure coding knowledge. Long training courses disrupt the developer’s daily routine and don't address the specific challenge as...
iOS 11 security implications
Thursday, July 13, 2017 by Richard Harris
Apple’s iOS 11 won’t be released until this fall, but its in public beta now - available for both developers and enterprising consumers alike to test it out. Beta versions inherently come with bugs, but some features of the operating system will continue to pose problems after the market-ready version is released. Richard Stiennon, Chief Strategy Officer of Blancco Tech...
With DevOps security must work differently
Tuesday, June 27, 2017 by Richard Harris
Because “software is eating the world,” as Mark Andreessen famously noted, application security gets harder every day; every line of code written opens organizations to new vulnerabilities and breaches. Furthermore, legacy solutions, such as static analysis, dynamic analysis and web application firewalls have failed to keep pace with Agile and DevOps practices. Teams ne...
VASCO launches overlay detection in DIGIPASS
Thursday, June 22, 2017 by Richard Harris
VASCO Data Security International, Inc., a provider of identity, security and business productivity solutions, has announced its ability to help organizations detect and mitigate mobile application overlay attacks through added functionality in the DIGIPASS for Apps Runtime Application Self-Protection (RASP) module.Overlay attacks are increasingly being deployed to stea...
