DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
API sprawl security concern predictions of 2021 from Volterra
Wednesday, January 6, 2021 by Freeman Lightner
As organizations continue to digitally transform business processes, they are increasingly transitioning from legacy applications to modern, cloud-native apps.
These intricate modern apps feature far more APIs than their predecessors including API sprawl.
Since these apps are built with extensive microservices, many of these APIs are deeply embedded and hidden. Th...
How to avoid mobile phone apps from leaking your personal data
Wednesday, November 18, 2020 by Brittany Hainzinger
Most people have dozens of mobile phone apps installed on their phone, tablet, or even their smartwatch. In fact, the average person has about 60 to 90 mobile phone apps on their phone. Out of all those apps, many of them could be leaking your personal data. How can you protect yourself? One of the primary ways is by installing a VPN, but there are other ways, too. Here...
Trump and Biden app vulnerabilities raise concern
Thursday, October 22, 2020 by Doug Dooley
With election season upon us, the US population is being inundated by candidate and proposition propaganda from a variety of sources – including television, the US mail, and mobile device apps. As annoying as this flood of information is at times, it’s important to understand that when it comes to these popular apps, and in fact all apps, if certain security...
StrandHogg Android vulnerability identified
Thursday, December 5, 2019 by Freeman Lightner
Promon, a Norwegian app security company, has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone...
Ethics standards and security protocols app developers should follow
Monday, September 30, 2019 by Richard Harris
Consumers put a lot of trust in app developers. Sacrificing data for convenience isn't a new concept - FaceApp is only the most recent example of the low bar set for allowing our private data into the hands of any company that pushes out an app. Yet, even after so many breaches and all-encompassing terms of use, why aren't more developers doing more to advocate ...
Enterprise grade low code platform arrives from Kony
Thursday, March 14, 2019 by Richard Harris
Kony Inc has a lot to talk about these days. Along with recently being named a leader in The Forrester Wave: Low-Code Development Platforms for AD&D Professionals, Q1 2019, they also sent notice to us that they launched Kony Quantum, a new brand with enhanced capabilities for its next-generation low-code app development platform that aims to deliver rich digita...
Join us for a free mobile app security threats webinar on Tuesday
Friday, December 7, 2018 by Richard Harris
In 2016, a record 3 billion Yahoo accounts were hacked, and Uber reported that hackers stole the information of over 57 million accounts. Then in 2017, 412 million user accounts were taken from Friendfinder’s sites, and 147.9 million consumers were affected by the Equifax Breach. In 2018, Under Armour said that its MyFitnessPal app was hacked, affecting...
Play Android games on your PC with this new Android emulator
Tuesday, November 20, 2018 by Richard Harris
It can be a frustrating thing to finally get so deeply engrossed in a game, only to have your experience marred by a small screen or a sudden drop in battery life. With just an installation, a few short steps and account creation, you’ll be able to play your favorite games on an Android emulator that will give you an even better experience than on your phone.
N...
Container security considerations for developers
Monday, October 29, 2018 by Richard Harris
On the path to a secure digital business, secure service containers bring the best of agility and security to development teams – a growing concern for companies from startups to the Fortune 500. By moving the security concern out of the application layer into an encompassing container platform, one provides a very elegant solution to significantly reduced attack ...
Fortnite for Android is a trailblazing risk for mobile banking
Tuesday, August 14, 2018 by Sam Bakken
CEO Tim Sweeney of Epic Games, the publisher of the wildly popular Fortnite game, is on a mission to “advance the openness of all platforms” - not to mention side-step Google’s 30% take of developer proceeds - by distributing Fortnite for the Android platform via their website rather than the Google Play store. I applaud a maverick challenging the statu...
Avoid mobile cybersecurity threats by checking the source
Thursday, July 5, 2018 by Sam Bakken
Earlier this month IT news organizations around the globe reported that Epic Games’ popular Fortnite game was being counterfeited and malicious actors were, in fact, lacing the imposter apps with malware.
We’re only human, and people unwittingly let their guard down in anticipation of something they're passionate about, or when they think they might b...
Why developers run away from security updates
Monday, April 16, 2018 by Richard Harris
Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...
The battle of biometric security coming in 2018
Friday, November 3, 2017 by Kevin Tussy
Fingerprint sensors first appeared in smart devices in 2007 and then gained momentum as a 4-digit PIN code replacement in 2013's Apple iPhone 5S. Hailed as the future of authentication by some, fingerprint's security weaknesses were quickly exposed by the children of sleepy dads, cats' paws and gummy bears. Still, the lure of convenience today and the promise of securit...
Cloud security platform Capsule8 raises $6M
Thursday, September 28, 2017 by Christian Hargrave
Capsule8 has announced it has completed a $6 million round of funding. This round brings total funding to more than $8.5 million for the security provider, which recently announced the beta version of Capsule8 Protect that is being deployed by some of the biggest companies on Wall Street and in Silicon Valley. Capsule8 will use its latest round of funding to further dev...
Stop the menace of Android rooting malware attacks with RASP
Monday, September 25, 2017 by Frederik Mennes
One of the key security issues facing organizations that support Android devices is the risk of rooting malware. A number of malware families on the Android mobile OS attempt to obtain root access once installed because the elevated privileges gained come in handy to perform malicious activities.
What you need to know about Tordow v2.0 and Pegasus
The To...
Tips for securing container deployments
Friday, September 1, 2017 by Richard Harris
Container deployments are still susceptible to the regular threats that other types of deployments are - including DDoS and cross-site scripting attacks. In fact, hackers often take advantage of compromised containers to scan sensitive data, download malware, or privilege unauthorized access to any of your containers, hosts or data centers. Fei Huang is the CEO of NeuVect...
NoSQL databases can now use Hackolade's CLI
Tuesday, August 8, 2017 by Richard Harris
With GDPR quickly approaching, Hackolade has announced its Command Line Interface (CLI) to help companies with the pending GDPR (General Data Protection Regulation) regulatory compliance (scheduled for May 25, 2018), along with overall corporate data governance needs. The CLI is currently available for the following NoSQL databases: MongoDB, Couchbase, DynamoDB, and Azu...
Checkmarx acquired Codebashing
Tuesday, July 25, 2017 by Christian Hargrave
Checkmarx has acquired Codebashing, an application security education company that delivers Game-like AppSec Training for Developers. Traditional secure coding education is ineffective and cannot scale to deliver continuous and across the board secure coding knowledge. Long training courses disrupt the developer’s daily routine and don't address the specific challenge as...
iOS 11 security implications
Thursday, July 13, 2017 by Richard Harris
Apple’s iOS 11 won’t be released until this fall, but it’s in public beta now - available for both developers and enterprising consumers alike to test it out. Beta versions inherently come with bugs, but some features of the operating system will continue to pose problems after the market-ready version is released. Richard Stiennon, Chief Strategy Officer of Blancco Tech...
With DevOps security must work differently
Tuesday, June 27, 2017 by Richard Harris
Because “software is eating the world,” as Marc Andreessen famously noted, application security gets harder every day; every line of code written opens organizations to new vulnerabilities and breaches. Furthermore, legacy solutions, such as static analysis, dynamic analysis and web application firewalls have failed to keep pace with Agile and DevOps practices. Teams ne...
VASCO launches overlay detection in DIGIPASS
Thursday, June 22, 2017 by Richard Harris
VASCO Data Security International, Inc., a provider of identity, security and business productivity solutions, has announced its ability to help organizations detect and mitigate mobile application overlay attacks through added functionality in the DIGIPASS for Apps Runtime Application Self-Protection (RASP) module. Overlay attacks are increasingly being deployed to stea...
App Verify SDK gets update for new iOS capabilities
Wednesday, June 21, 2017 by Richard Harris
TeleSign, an end-to-end communications platform as a service (CPaaS), has announced new iOS capabilities for its mobile app verification service, App Verify. App Verify for iOS is a lightweight software development kit (SDK) that enables mobile app developers to streamline the onboarding account verification process to assist with increasing conversions and providing id...
Why runtime application self-protection is critical for app security
Tuesday, June 20, 2017 by David Strom
Today most of us go about implementing security from the outside in. The common practice is to start by defining a perimeter and trying to defend it with various security tools. Even though perimeters have been porous for more than a decade, we still can’t give up this notion that if we build a better wall we can keep our enterprises safer. Certainly that is where most e...
Invisible payments inside mobile apps problem
Monday, June 19, 2017 by Richard Harris
Have you ever wondered how Uber automatically charges you for your ride without making you pull out your credit card or sign a receipt? "Invisible payments" like these are a growing trend and, aside from ride sharing, the technology is now being implemented by companies such as Amazon and major restaurant chains. For brands, invisible payments enhance the consumer experienc...
DevSecOps will help security and developers play nice
Thursday, June 15, 2017 by Richard Harris
Veracode, a security software company acquired by CA Technologies, has announced the results of a study examining the relationships between application developers and security teams. The study, conducted in conjunction with Enterprise Strategy Group (ESG), shows that despite the pervasive belief that security and development teams have conflicting priorities, initiatives...
Enterprise threat dubbed HospitalGown infests thousands of apps
Tuesday, June 6, 2017 by Richard Harris
Appthority, an enterprise mobile threat protection company, published research on a newly discovered backend data exposure vulnerability, dubbed HospitalGown, that highlights the connection between mobile apps and insecure backend databases containing enterprise data. Appthority documented more than 1,000 apps with this vulnerability, and researched in detail 39 applica...
Get mobile printing up and running: What CIOs need to know
Wednesday, May 24, 2017 by Brent Richtsmeier
Enterprise workplace infrastructure is changing. Gartner found that total mobile sales into the enterprise globally are greater than 200,000 per year, while PCs are half that. The PC installed base has been on a steady decline since 2014, while the mobile installed base is on the rise - meaning mobile is set to surpass the PC installed base in 2017. However, even as more...
Route the Internet faster with Argo from Cloudflare
Monday, May 22, 2017 by Richard Harris
Cloudflare has announced Argo, a service that intelligently routes traffic across the Internet for a faster, more reliable, and more secure online experience. The Internet is inherently unreliable. Its massive collection of networks from different providers experiences delays and outages all the time. Internet users experience these problems as slowness reaching websites...
Improve mobile app security by turning it into code
Monday, May 8, 2017 by Jeff Williams
Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong. Far more than any one person can be expert in. It's unfair to think that a software developer, who is already supposed to be expert in all the latest software languages, frameworks and best practices, should als...
NodeSource N|Solid for Alpine Linux
Wednesday, April 19, 2017 by Christian Hargrave
NodeSource, the Node.js company, has announced the release of NodeSource N|Solid for Alpine Linux, the newest addition to its enterprise-grade Node.js platform that enables a secure, reliable and extensible platform for Node.js applications. The latest release makes it easier for teams using Docker containers with the popular Alpine Linux distribution to leverage the en...
DOD releases PostgreSQL security technical implementation guide
Friday, March 24, 2017 by Richard Harris
Crunchy Data, a provider of open source PostgreSQL, has announced the publication of a PostgreSQL Security Technical Implementation Guide (STIG) by the U.S. Department of Defense (DoD), making PostgreSQL the first open source database with a STIG. Crunchy Data collaborated with the Defense Information Systems Agency (DISA) to evaluate PostgreSQL against the DoD’s securi...
Intent-based mobile app security: It's harder than you think
Thursday, March 23, 2017 by John Morello
Recently, intent-based security has become a buzzword and a commonly used phrase in the developer community. However, this new wave of security is much more than just a catchphrase. The concept of intent-based security adds a new level of protection to applications in containerized environments, specifically by understanding what the app is intended to do and looking fo...
Webscale launches new WAF to thwart attacks on eCommerce sites
Thursday, March 2, 2017 by Richard Harris
Webscale has announced the launch of their Cloud Web Application Firewall (WAF), the first of a new line of a-la-carte solutions designed to address the pain points many businesses face with regards to the security, availability and performance of their critical web applications. While the market is flush with WAF solutions that combat malicious attacks at the edge of a...
JavaScript apps get Arxan application protection solution
Friday, February 17, 2017 by Richard Harris
Arxan Technologies, a provider of application protection and management solutions, has announced Arxan Application Protection for JavaScript, a new offering that provides leading protection for JavaScript-based applications, including hybrid iOS and Android apps, in addition to web apps. The comprehensive solution is designed to prevent brand damage, financial loss, IP ...