Microsoft misconfigurations expose millions of records globally
Monday, November 18, 2024 by Freeman Lightner
In September 2024, significant data exposure was discovered within Microsoft Power Pages, a low-code SaaS platform, due to misconfigured access controls. The exposure, which potentially affected millions of individuals, highlights the risks associated with excessive permissions granted to the platform's "Anonymous" and "Authenticated" user roles....
Veracode acquires Longbow Security
Thursday, April 18, 2024 by Freeman Lightner
Veracode announced the acquisition of Longbow Security, a security risk management platform for cloud-native environments. The acquisition marks the next exciting phase of Veracode, underscoring the company’s commitment to help organizations effectively manage and reduce application risk across the growing attack surface.
The integration of Longbow in...
Compliance as code adoption in 2022
Monday, January 10, 2022 by Freeman Lightner
Prashanth Nanjundappa is VP of Product Management at Progress. He has spent his entire career of over 20 years in the tech world, managing cross-functional high-performance teams, focused on building and launching enterprise and consumer products globally.
In the first 12 years of his career, Prashanth worked as a developer, technical lead, and architect for mobile, ...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
Agile software development platform integrated into Applitools
Monday, August 23, 2021 by Brittany Hainzinger
Applitools announced a new Rally integration as part of the Eyes 10.11 release. Rally is a popular application lifecycle management platform used to track each phase of agile software development, from planning to defect tracking. This integration allows developers and QA engineers to easily log and manage all data collected about bugs, and how to fix them, in a single ...
Vanta launches Automated ISO 27001 Certification and HIPAA Compliance
Tuesday, July 13, 2021 by Brittany Hainzinger
Vanta announced public availability for two new certification standards that help secure the internet and protect consumer data. Vanta provides automated compliance audits and continuous security monitoring through a robust SaaS platform, enabling companies to achieve industry standardization in weeks instead of months.
The rise of data leaks and privacy concerns hav...
Compliance automation will take center stage this year
Wednesday, May 26, 2021 by Richard Harris
According to most sources on the web, compliance automation uses artificial intelligence features and technology to make compliance procedures easier.
Progress Software CEO Yogesh Gupta says with smart companies turning to a compliance-as-code approach to keep infrastructure, apps, and end-user devices secure and com...
Not all security vulnerabilities are created equal
Tuesday, May 25, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function, value and, unfortunately, they also provide one of the easiest openings for cybercriminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the concept o...
Developer edition of Incognia fraud prevention solution has launched
Tuesday, May 4, 2021 by Brittany Hainzinger
Incognia announced the launch of its Developer Edition, a free version of Incognia’s mobile fraud prevention solution for mobile app developers. The offering allows mobile developers to add frictionless fraud prevention to fintech and mcommerce apps, enabling superior UX design and account security within their apps. Developers benefit from Incognia’s rapid ...
env0 updates infrastructure automation platform
Monday, May 3, 2021 by Brittany Hainzinger
env0 has announced updates to its Infrastructure Automation Platform, some of which include Bitbucket Server integration for continuous deployment and plan on pull requests and integration with Module Registry, allowing users to save all of their modules in a single location so they can be quickly recalled for other deployments. One of the more significant enhancements ...
Six areas of focus for continuous security
Friday, April 16, 2021 by Jack Mannino
Applications are the heart of employee and user productivity. There are billions of applications each with a specific function and value and, unfortunately, they also provide one of the easiest openings for cyber criminals and hackers to gain access to critical IT infrastructure and information assets. While most IT security professionals implicitly understand the conce...
Docker and Snyk partner to deliver container vulnerability scanning
Wednesday, May 20, 2020 by Brittany Hainzinger
Docker has partnered with Snyk to deliver native vulnerability scanning of container images in Docker. Together, Docker and Snyk will provide a streamlined workflow that makes the application development process more secure for millions of developers, allowing them to more quickly and confidently build secure applications as an automated part of their toolchain.
...
Videoselfie authentication tool launches
Tuesday, February 19, 2019 by Richard Harris
Jumio announced the launch of Jumio Authentication, a new video-selfie authentication tool that uses biometrics for user authentication and could be ideal for account logins and high-risk scenarios (e.g., logging in from a foreign IP address or authorizing high-risk transactions such as wire transfers and online purchases). Secure selfie authentication can also be use...
HUMANOBOT can discover nonhuman activities trying to commit fraud
Tuesday, July 25, 2017 by Austin Harris
SecuredTouch's HUMANOBOT behavioral biometrics tech has recently fine-tuned its platform to better detect non-human activities like bots and emulators trying to commit fraud. HUMANOBOT detects non-human behavior generated by bots, malware, and automated scripts and stops fraud-focused emulators within mobile applications. The system recognizes these behaviors using advan...
With DevOps security must work differently
Tuesday, June 27, 2017 by Richard Harris
Because “software is eating the world,” as Marc Andreessen famously noted, application security gets harder every day; every line of code written opens organizations to new vulnerabilities and breaches. Furthermore, legacy solutions, such as static analysis, dynamic analysis and web application firewalls, have failed to keep pace with Agile and DevOps practices. Teams ne...
Improve mobile app security by turning it into code
Monday, May 8, 2017 by Jeff Williams
Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong. Far more than any one person can be expert in. It's unfair to think that a software developer, who is already supposed to be expert in all the latest software languages, frameworks and best practices, should als...