SBOM mandate to improve cybersecurity in the US
Friday, March 17, 2023 by Freeman Lightner
The number of cyberattacks waged against government sectors worldwide increased by 95% in the second half of 2022 compared to the same time period in 2021. (1) The global cost of cyberattacks is expected to grow exponentially from $8.44 trillion in 2022 to $23.84 trillion by 2027. (2) To support the nation’s critical infrastructure and Federal Government networks,...
Zero trust policies for software releases could be key
Thursday, December 8, 2022 by Gopinath Rebala
Today’s integrated DevOps methodology offers businesses the promise of accelerating innovation by providing customers and employees with new application capabilities faster. However, this approach can also increase risks associated with cybercrime and the failure to comply with rapidly evolving privacy regulations. As a result, minimizing security risk during the ...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
2021 Coding Week recap from industry experts
Monday, September 20, 2021 by Richard Harris
National Coding Week takes place September 13 - September 19, and it is a great time to engage everyone in coding in a fun and easy way. According to an article from National Today, "92 percent of executives believe American workers are not as skilled as they need to be." National Coding Week is a perfect opportunity for improving your coding skills to...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
To encrypt or not encrypt legacy devices no longer a choice
Thursday, March 19, 2020 by Freeman Lightner
Encryption forms a strong layer of protection for our data and a last line of defense against cybercrime. By deploying encryption, users can render their data unreadable if it is compromised. Whether that means hackers intruding into the network, or an employee unwittingly exposing sensitive information, the data will be useless to any unauthorized agents who happe...
Iowa caucus app woes from a developer perspective
Friday, February 21, 2020 by Richard Harris
Whether the issues behind the Iowa Democratic Caucus app debacle were specific to UX, connectivity, traffic, or just good ol’ fashioned reluctance to embrace the technology, the ramifications of this mess will be felt for a long time – the hanging chad of the new decade. So are apps out? Absolutely not, but things are going to have to change.
Applications...
Prevoty offers new Autonomous Application Protection capabilities
Friday, March 1, 2019 by Christian Hargrave
Imperva announced the expansion of its application security offerings with two new Autonomous Application Protection capabilities.
The update extends customers’ visibility into how applications behave and how users interact with sensitive information. With this expanded view across their business assets, customers will have deeper insights to understand and mit...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
Enterprise security report says mobile workers put data at risk
Wednesday, October 10, 2018 by Christian Hargrave
According to a new study titled Greatest Mobile Security Threats in the Enterprise, a significant lack of visibility into devices and networks is putting businesses at risk for data leakage and phishing attacks. The study, conducted by Enterprise Mobility Exchange and commissioned by NetMotion Software, showed that nearly 50 percent of mobile workers spend the majority ...
Cisco releases security connector app for iOS devices
Tuesday, January 2, 2018 by Christian Hargrave
Cisco announced the availability of Cisco Security Connector, a security app designed to give enterprises the deepest visibility and control over network activity on iOS devices, now in the App Store. Apple has designed iOS to be secure from the ground up and to be simple, intuitive, and powerful for users. By using iPhones and iPads with iOS 11 and Cisco Security Connec...
People are worried about internet-connected car security
Monday, December 4, 2017 by Christian Hargrave
Thales announced survey results revealing how respondents feel about the potential risks connected vehicles pose to their safety and the security of their personal information. Connected cars use mobile internet technology for safety systems and remote diagnostics (like “OnStar”), as well as controlling key functions via a smartphone, smartwatch, tablet or computer - ena...
The HBO hack reveals how vulnerable data is to black hats
Thursday, August 31, 2017 by Richard Harris
The HBO hack is the latest in a string of high-profile hacks over the last two years (Dropbox, Yahoo!, UK Ministry of Health) where a handful of vulnerable servers were compromised and used to take down and steal information. Studies have shown the next year represents a turning point in the digitization of enterprise content. A recent Forrester study commissioned by Alf...
What happens to security when your apps go to the cloud
Wednesday, November 9, 2016 by Richard Harris
When Marc Andreessen wrote, “software is eating the world,” he meant that every business is literally turning into software. The problem is that every line of code you write makes you easier to attack. Historically, we dealt with security by putting up walls and scanning. But the complexity of modern software environments has made these approaches ineffective ...
Security First: 5 tips for building a secure mobile app from the ground up
Wednesday, October 5, 2016 by Karen Sittig
With more than two billion smartphone users worldwide, the app market has exploded, along with risks. Mobile app developers are still struggling to make security a priority and by 2017, cyber-attacks via vulnerable apps are anticipated to account for 75% of all mobile security breaches. Given what's at stake, it's critical that developers build apps that are “...
A Deep Dive into Network Functions Virtualization and Software-Defined Networking
Tuesday, May 24, 2016 by Stuart Parkerson
We recently visited with Tim Diep, CA Technologies Director of SDN/NFV Product Management, to discuss how networks in the application economy need to transform through software defined networking and network functions virtualization.
ADM: What is Software-Defined Networking/Network Functions Virtualization?
Diep: Software-Defined Networking (SDN) is a technology focused o...
Department of Homeland Security Creates Mobile Application Playbook
Tuesday, April 26, 2016 by Richard Harris
The U.S. Department of Homeland Security (DHS), Office of the Chief Technology Officer (OCTO), has created The Mobile Application Playbook (MAP), a DHS sponsored reference guide to assist federal agencies with the planning, management, and execution of mobile application projects. The MAP publication provides a roadmap for creating mobile applications and is designed to ...
How March Madness Impacts Enterprise Mobile Data Usage and BYOD Security
Tuesday, April 5, 2016 by Richard Harris
Oversized events like March Madness and the Olympics not only can cause decreased productivity from employees, but also may increase security risks for companies whose employees are using devices that access corporate data. We visited with Michael Covington, VP Product for Wandera, to discuss research the company conducted during the NCAA basketball tournament to learn ...
March Madness Apps May Be Accessing Your Data
Tuesday, March 15, 2016 by Stuart Parkerson
In its mobile app risk assessment report “March Madness or April Foods” Flexera Software highlighted BYOD security issues by analyzing the annual March Madness craze as employees are using apps on their corporate and BYOD devices to stream content, complete brackets and track March Madness activities. The report focused on what data these apps access, what device feature...
What You Need to Know about BYOD Security
Wednesday, December 2, 2015 by Jayaraman Gopal
As employees bring their own devices to work, IT teams face an assortment of challenges, from managing mobile apps on a myriad of different devices to backing up and restoring business data. But bar none, the greatest burden for IT staff is securing business data on mobile devices.
The Good, the Bad, and the Ugly (in Reverse Order)
The Ugly
The BYOD phenomenon has spawned ...
Appthority Releases Summer 2013 App Reputation Report
Tuesday, August 6, 2013 by Richard Harris
Appthority’s Summer 2013 App Reputation Report has been published, taking a behind-the-scenes look at how apps actually work as they relate to the consumer. The biggest finding of the study is that 83% of the apps had some type of security risk or privacy issue.
Appthority conducted the study of 400 mainstream iOS and Android free and paid apps. Appthority...