App security training enhancements by Security Journey
Wednesday, July 19, 2023 by Freeman Lightner
Security Journey announced an acceleration of its secure coding training platform enhancements. Since combining HackEDU and Security Journey training offerings into one Platform, the company has added or refreshed almost 200 lessons and 25 languages, frameworks, and technologies; giving customers even more new training content to improve secure coding knowledge gain of ...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, the software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
DevSecOps 7th annual Community Survey results
Wednesday, April 15, 2020 by Brittany Hainzinger
Sonatype published findings from its seventh annual DevSecOps Community Survey, based on responses from 5,045 software engineering professionals. The survey, developed and conducted in partnership with Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
Code security gamification company nabs $3.5M in funding
Friday, September 14, 2018 by Austin Harris
Secure application development platform provider Secure Code Warrior announced that it has gained US $3.5 million in funding from two strategic venture capital firms. The financing was led by Washington DC-based Paladin Capital Group, with participation from Sydney-based AirTree Ventures. The initial funding round will allow the company to further expand its rapidly gro...
Open Source security comes to GitHub
Thursday, August 16, 2018 by Richard Harris
Sonatype announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source security governance, free of charge. Powered by Sonatype’s OSS Index, DepShield integrates directly into GitHub repositories and allows developers to easily identify and avoid using open source components with known vulnerabilities.
“The...
Enterprises need a software security program
Tuesday, January 30, 2018 by Sammy Migues
The answer to the “why” enterprises need a software security program question is pretty straightforward. There are no circumstances under which any but the smallest firms can expect a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...
Most cryptocurrency mobile apps are vulnerable
Thursday, November 30, 2017 by Austin Harris
Over 1,300 crypto currencies exist today with over $300 Billion market capitalization. One of the most popular and oldest cryptocurrency - Bitcoin has almost reached $10,000 price after several months of fluctuation, but continuous and steady growth.A wide spectrum of mobile applications for cryptocurrencies were released during the last few years by various startups, i...
Checkmarx acquired Codebashing
Tuesday, July 25, 2017 by Austin Harris
Checkmarx has acquired Codebashing, an application security education company that delivers Game-like AppSec Training for Developers.Traditional secure coding education is ineffective and cannot scale to deliver continuous and across the board secure coding knowledge. Long training courses disrupt the developer’s daily routine and don't address the specific challenge as...
Improve mobile app security by turning it into code
Monday, May 8, 2017 by Jeff Williams
Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong. Far more than any one person can be expert in. It's unfair to think that a software developer, who is already supposed to be expert in all the latest software languages, frameworks and best practices, should als...
HPE Study identifies significant barriers with integrating security and DevOps
Tuesday, October 25, 2016 by Richard Harris
The HPE Application Security and DevOps Report just released, which discusses in depth where organizations are at in their implementation of DevOps, and how application security fits within this new model. While there is a perception that security and DevOps go hand-in-hand, there are significant gaps between the opportunity of incorporating security as a natural part o...
Checkmarx Tells Us Why App Developers Should Care About App Security
Thursday, August 18, 2016 by Richard Harris
We recently had a conversation with Emmanuel Benzaquen at Checkmarx to talk about how they are able to scrutinize code with a fine-toothed comb and find vulnerabilities early and why other developers need to be doing the same. With clients such as Coca-Cola, SAP, and Salesforce, they seem to be carving out a niche for application security in the crowded tech-s...
Secure Cloud is a Reality
Wednesday, October 14, 2015 by Eric Naiburg
The move to the cloud has become a quick first step when looking to improve application delivery, performance and costs, yet in the back of everyone’s mind is whether or not the cloud can be secure. When it comes to the cloud these days however, security shouldn’t be a concern as long as you spend the time designing the right architecture for your application and ...