application security

application security news search results

Developer news items we found relating to application security

35 results

How the reddit security breach reminds us to be careful


Monday, August 6, 2018 by

reddit recently disclosed in their announcements feed a security breach of their system in which the hacker "managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords." Included in the disclosed information was some reddit source code and some log files. They went on to sa...



Mobiconf 2018 will return to Poland


Tuesday, July 24, 2018 by

Mobiconf 2018 will soon be coming to Krakow, Poland inside the Multikino cinema theater. Taking place on the 4-5th October, the mobile developer conference will boast topic titles like “What Mom Never Told You about Multi-threading (mobile edition)” and “Application Security in Agile Mobile Development.” And featuring talks from Fernando Cejas, D...



Detect eavesdropping in your mobile app with TrustKit


Wednesday, July 11, 2018 by

Data Theorem, Inc. announced the availability of TrustKit Analytics, a new service for the TrustKit community that delivers advanced security insights. In addition, the company announced that since TrustKit’s release in 2015, it has identified more than 100 million eavesdropping attempts on iOS and Android applications, where apps in active mode have blocked 100 p...



Find bugs in your code before launch with new ReGrade platform


Thursday, May 24, 2018 by

Let's face it, most of us do not write flawless code, and according to the U.S. Department of Homeland Security, 90 percent of security incidents result from exploits against defects in software (ouch). Curtail Security has announced the release of ReGrade. The platform helps give customers the ability to identify critical version differences in the development cycle an...



What some experts are saying about GDPR


Friday, May 18, 2018 by

The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th. GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...



DevOps practices more likely to integrate automated security


Saturday, April 21, 2018 by

Sonatype published findings from its 5th annual DevSecOps Community Survey of 2,076 IT professionals. The survey shares practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions.  Survey respondents with mature DevOps practices were 338% more likely to integrate automated security than organizations with no DevOps pra...



Why developers run away from security updates


Monday, April 16, 2018 by

Veracode, Inc. has released new data that shines a light on the discrepancy between component security and hygiene. According to the research conducted with Vanson Bourne, only 52 percent of developers using commercial or open source components in their applications update those components when a new security vulnerability is announced. This highlights organizations’ la...



Forrester recognizes Prevoty for its RASP


Monday, April 2, 2018 by

Prevoty is cited as the leader of runtime application self-protection (RASP) technologies in The Forrester New Wave: Runtime Application Self-Protection, Q1 2018, released recently. Analysts from the influential research and advisory firm evaluated the eight most significant RASP vendors, interviewed customers, received demonstrations, and measured each solution against...



Enterprises need a software security program


Tuesday, January 30, 2018 by

The answer to the question of “why” enterprises need a software security program is pretty straightforward. There are no circumstances under which any but the smallest firms can expect that a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...



Most cryptocurrency mobile apps are vulnerable


Thursday, November 30, 2017 by

Over 1,300 cryptocurrencies exist today with over $300 Billion market capitalization. One of the most popular and oldest cryptocurrencies, Bitcoin, has almost reached a $10,000 price after several months of fluctuation but continuous and steady growth. A wide spectrum of mobile applications for cryptocurrencies were released during the last few years by various startups, i...



DevSecOps is important and here is why


Friday, October 20, 2017 by

In the digital age, securing your development projects against malicious hackers can be quite the challenge. And when you try to scale security to an enterprise, the challenge seems insurmountable, as is evident from the frequent hacking incidents we see come through the news. Enter DevSecOps. DevSecOps is a methodology that interweaves the aspects of DevOps an...



Automated Security as a Service platform by ShiftLeft launches


Monday, October 16, 2017 by

ShiftLeft Inc. has introduced an automated Security as a service (SECaaS) for cloud software that creates custom security and threat detection for each application it supports. With ShiftLeft, organizations can now secure their cloud applications as part of their continuous integration pipeline, rather than merely reacting to threats discovered in production. ShiftLeft ...



Sending out an S.O.S. for SMS


Wednesday, October 4, 2017 by

What a difference a year makes. Just one year after the National Institute of Standards and Technology issued guidance that found SMS is insecure and no longer suitable as a strong authentication mechanism, it has walked all of that back. At the time the original draft was published, it was highly unusual for any US government agency to get out in front of the security i...



Veracode announced two new key integrations


Friday, August 11, 2017 by

Veracode, a software security company acquired by CA Technologies, has announced the Veracode HPE Application Lifecycle Manager (ALM) Flaw Synchronizer Plug-in, which empowers development and QA/release engineers to fix security vulnerabilities early in the Software Development Lifecycle (SDLC). The company also announced an enhanced integration to the Veracode Applicat...



Checkmarx acquired Codebashing


Tuesday, July 25, 2017 by

Checkmarx has acquired Codebashing, an application security education company that delivers Game-like AppSec Training for Developers. Traditional secure coding education is ineffective and cannot scale to deliver continuous and across the board secure coding knowledge. Long training courses disrupt the developer’s daily routine and don't address the specific challenge as...



Software developers are easy targets for hackers study finds


Thursday, July 20, 2017 by

Netsparker Ltd., a company in the web applications security industry, has released survey results showing that most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall. The primary reason is not that their web server software is out of date, however. Instead, it is largely the result of developers running vulnerab...



With DevOps security must work differently


Tuesday, June 27, 2017 by

Because “software is eating the world,” as Marc Andreessen famously noted, application security gets harder every day; every line of code written opens organizations to new vulnerabilities and breaches. Furthermore, legacy solutions, such as static analysis, dynamic analysis and web application firewalls have failed to keep pace with Agile and DevOps practices. Teams ne...



VASCO launches overlay detection in DIGIPASS


Thursday, June 22, 2017 by

VASCO Data Security International, Inc., a provider of identity, security and business productivity solutions, has announced its ability to help organizations detect and mitigate mobile application overlay attacks through added functionality in the DIGIPASS for Apps Runtime Application Self-Protection (RASP) module. Overlay attacks are increasingly being deployed to stea...



Why runtime application self-protection is critical for app security


Tuesday, June 20, 2017 by

Today most of us go about implementing security from the outside in. The common practice is to start by defining a perimeter and trying to defend it with various security tools. Even though perimeters have been porous for more than a decade, we still can’t give up this notion that if we build a better wall we can keep our enterprises safer. Certainly that is where most e...



DevSecOps will help security and developers play nice


Thursday, June 15, 2017 by

Veracode, a security software company acquired by CA Technologies, has announced the results of a study examining the relationships between application developers and security teams. The study, conducted in conjunction with Enterprise Strategy Group (ESG), shows that despite the pervasive belief that security and development teams have conflicting priorities, initiatives...



Enterprise threat dubbed HospitalGown infests thousands of apps


Tuesday, June 6, 2017 by

Appthority, an enterprise mobile threat protection company, published research on a newly discovered backend data exposure vulnerability, dubbed HospitalGown, that highlights the connection between mobile apps and insecure backend databases containing enterprise data. Appthority documented more than 1,000 apps with this vulnerability, and researched in detail 39 applica...



Improve mobile app security by turning it into code


Monday, May 8, 2017 by

Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong. Far more than any one person can be expert in. It's unfair to think that a software developer, who is already supposed to be expert in all the latest software languages, frameworks and best practices, should als...



The hottest skills needed in the freelance job market to get hired


Thursday, May 4, 2017 by

Upwork has released its newest quarterly index of the hottest skills in the U.S. freelance job market. The Upwork Skills Index ranks the site’s 20 fastest-growing skills and is part of a quarterly series that sheds light on new and emerging skills freelancers are providing. According to a recent report, nearly half (49%) of hiring managers use freelancers to access skil...



Red Hat and Avi Networks join forces to automate the enterprise app lifecycle


Wednesday, May 3, 2017 by

Avi Networks has collaborated with Red Hat to simplify and automate the enterprise application development and deployment lifecycle. Through the collaboration, Avi Networks and Red Hat integrated technologies to give enterprises the combined power of a container application platform, IT automation, software load balancing, and container networking services. With the con...



Instart Logic brings Helios AI-Driven security out into the open


Friday, April 28, 2017 by

In ancient mythology, Helios was the Greek god of the sun streaking across the heavens in a chariot shining much-needed light onto a dark and dangerous world. That’s exactly what Instart Logic is doing with their latest announcement of Helios - "using artificial intelligence to illuminate and solve today’s most challenging digital security issues." Web application attac...



WhiteSource Bolt detects vulnerable open source components


Thursday, March 30, 2017 by

WhiteSource, a continuous open source security and compliance management company, has announced the launch of a new open source management tool integrated within the Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS) platforms - the WhiteSource Bolt (Bolt). Bolt is fully immersed within the VSTS and TFS products, so users can detect vulnerable ...



ImmuniWeb Mobile launches to offer better mobile security testing


Wednesday, March 15, 2017 by

High-Tech Bridge announces the launch of ImmuniWeb Mobile as part of ImmuniWeb Application Security Testing Platform. The new offering will provide comprehensive assessment of iOS and Android mobile applications, mobile infrastructure backend and data channel encryption. All ImmuniWeb Mobile packages are provided with a zero false-positives SLA. The mobile application s...



Veracode sells to CA Technologies for $614M


Wednesday, March 8, 2017 by

CA Technologies announced it has signed a definitive agreement to acquire Veracode, a company that is securing web, mobile and third-party applications across the software development lifecycle, for approximately $614 million in cash. The transaction is expected to close in the first quarter of fiscal year 2018, and is subject to customary closing conditions, including ...



80 percent of web apps have security flaws


Tuesday, February 14, 2017 by

Data collected by Contrast Labs has revealed that sensitive data exposures, which include missing and weak encryption, are the top vulnerability plaguing 69 percent of web applications and accounting for 26 percent of all vulnerabilities. Their research has also found that 80 percent of tested software applications had at least one vulnerability, with an average of 45 v...



Checkmarx opens beta support for Scala programming language


Wednesday, February 1, 2017 by

Checkmarx, an application security testing company, has announced open beta support of the Scala programming language. The new capability adds the ability to analyze and remediate security risks and vulnerabilities exposed in projects written using Scala code. The added capability not only allows the detection of vulnerabilities within Scala code, but also the ability to...



Scanning JavaScript for vulnerabilities: How the impossible is now possible


Friday, January 13, 2017 by

JavaScript is everywhere, and it's awesome! But the world's most popular language can be riddled with problems if you aren't a careful programmer. There is a saying that speaks to the incredible popularity of JavaScript as a programming language and it goes like this: “any application that can be written in JavaScript, will eventually be written in JavaScript.” The we...



How do we simplify east-west security? The imperative path is upon us


Monday, December 5, 2016 by

Ahhh, the endless saga of streamlining hazards around application security: let’s talk about the East-West component of the conundrum. But first, it’s important to clarify the variances of ‘East-West’ vs. ‘North-South’ traffic in a typical data center environment. By definition: North-South traffic is the communication that occurs between server applications deploy...



Foxit WebPDF 2.0 launches with REST API and Docker support


Thursday, November 24, 2016 by

Foxit Software has announced the release of Foxit WebPDF Viewer 2.0. The new release includes enhanced rendering, performance and security features, equipping web developers for better customization, integration and document control. There are several performance enhancements in WebPDF 2.0, including faster parsing and rendering of local PDFs, lower levels of server stra...



New VS plugin from Checkmarx lets DevOps teams rapidly embed security


Wednesday, November 16, 2016 by

Checkmarx just announced a new Checkmarx plugin for the Microsoft Visual Studio Team Services platform. The new Checkmarx (CxSAST) Microsoft Visual Studio Team Services Plugin allows organizations with agile development practices to embed security into their software development lifecycle (SDLC) without the delays traditionally caused by application security t...



Comparing server virtualization and containers


Monday, November 14, 2016 by

Apcera is a San Francisco-based company building the next-generation container management platform, and they believe that cloud computing is an ever-evolving way of interfacing with technology. With Apcera’s platform, they aim to solve the hard problems that enterprises face in embracing the new world of containers to unlock the potential of modern architectur...

