LinearB and Clubhouse partner to help software project delivery
Tuesday, February 16, 2021 by Richard Harris
LinearB and Clubhouse announced a partnership to help software development teams continuously improve project delivery by providing a complete picture of product and engineering lifecycles. Technical integration between the products will offer dev teams detailed project visibility and team-based metrics by correlating data across projects, code, Git activity and release...
Improving security posture with static application security testing
Friday, February 12, 2021 by Tim Jarrett
Amid the worldwide pursuit of digital transformation, software has seen a meteoric rise, and application security has become paramount. As more companies become software-centric, they publish more applications, increasing the risk that vulnerable code will be released. To help reduce this risk, static application security testing (SAST) can help dev teams find and fix we...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
DevSecOps 7th annual Community Survey results
Wednesday, April 15, 2020 by Brittany Hainzinger
Sonatype published findings from its seventh annual DevSecOps Community Survey, based on responses from 5,045 software engineering professionals. The survey, developed and conducted in partnership with Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps...
Improve DevOps processes with API catalog
Thursday, March 26, 2020 by Richard Harris
One of the biggest trends in DevOps is the “shift left” approach when it comes to security, so much so that security conferences now host developer days, developer conferences host security days, and the two have melded into DevSecOps. But pragmatically, how do you implement security earlier into your development cycles? According to CloudVector VP of Engine...
Justin Dolly becomes Chief Security Officer at Sauce Labs
Wednesday, February 12, 2020 by Brittany Hainzinger
Sauce Labs Inc. announced the appointment of Justin Dolly as chief security officer. A security industry veteran with more than 20 years of experience, Dolly will develop, implement, and enforce the company’s long-term security strategy, ensuring its customers have the highest level of protection to support their digital goals. The hiring of Dolly follows the rece...
API contracts at the heart of security in 42Crunch release
Thursday, August 8, 2019 by Christian Hargrave
42Crunch, the creator of the industry's first API Firewall, has released the API security platform with enhanced tools for developers to easily define security in OpenAPI contracts, enabling an agile DevSecOps experience, and providing full visibility into each individual API's security landscape. API security is complex and becomes a bottleneck wh...
DJI's Manifold 2 can make drones autonomous robots
Monday, June 3, 2019 by Richard Harris
DJI announced Manifold 2, an ultra-compact onboard supercomputer for DJI drones that enables the next generation of autonomous aerial robotics solutions. With the additional compute capability of Manifold 2, users can process complex image data onboard the drone and get results immediately and can program drones to fly autonomously while identifying objects and avoiding...
Acronis gives developers early access to new cyber platform
Monday, April 29, 2019 by Brittany Hainzinger
Acronis announced the opening of its core platforms, enabling broad, third-party developer access to the Acronis Cyber Platform to encourage expanded functionality and application integrations while expanding their opportunities in Acronis’ large ecosystem.
The Acronis Cyber Platform, which is the foundation of the company’s existing services, features a ...
Low code pros and cons
Wednesday, April 17, 2019 by Richard Harris
If you are a coder, someone who can actually write source code for software development, you are probably tired of the constant barrage of emails from head-hunters wanting to snipe you from your current position. You are in demand, my friend, very high demand in fact, and there is no sign of it slowing down. Developers are needed in every sector of the IT industry, but ...
API security testing just got easier with 42Crunch's new scanner
Thursday, March 21, 2019 by Richard Harris
42Crunch officially released the 42Crunch API Platform, an API security cloud platform to discover vulnerabilities in APIs and protect them from attack. The 42Crunch Platform can protect SaaS, Web, or IoT APIs, as well as microservices.
This follows the launch of the free API Contract Security Audit tool at APISecurity.io earlier this month. The tool helps API d...
Just Commit says GitLab
Thursday, March 7, 2019 by Richard Harris
Nike’s “Just Do It” campaign has inspired athletes since 1988. Now, in 2019, GitLab draws on that mantra to motivate developers and lead employees to success. This year marks DevOps’ 10-year anniversary, and over the past 10 years the approach to the industry and culture has continued to change. However, one thing remains the same - you ...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
How the reddit security breach reminds us to be careful
Monday, August 6, 2018 by Christian Hargrave
reddit recently disclosed in their announcements feed a security breach of their system in which the hacker "managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords." Included in the disclosed information was some reddit source code and some log files.
They went on to sa...
What some experts are saying about GDPR
Friday, May 18, 2018 by Christian Hargrave
The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th. GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...
Enterprises need a software security program
Tuesday, January 30, 2018 by Sammy Migues
The answer to the question of “why” enterprises need a software security program is pretty straightforward. There are no circumstances under which any but the smallest firms can expect that a collection of independent activities - a pen test here, an hour of training there, some free tools that may or may not work as advertised - will consistently result in appropriately secure...
Most cryptocurrency mobile apps are vulnerable
Thursday, November 30, 2017 by Christian Hargrave
Over 1,300 cryptocurrencies exist today with over $300 billion market capitalization. One of the most popular and oldest cryptocurrencies, Bitcoin, has almost reached a $10,000 price after several months of fluctuation but continuous and steady growth. A wide spectrum of mobile applications for cryptocurrencies was released during the last few years by various startups, i...
Rethinking DevOps as DevSecOps
Thursday, October 12, 2017 by Akshay Aggarwal
If you’re not already thinking right now that your DevOps teams should be run like a DevSecOps team, you may already be in a world of hurt. Time to wake up! As the adoption of APIs continues to grow, so do the risks to organizations that don’t actively test the security of their solutions. Modern Agile development frameworks have changed the way engineering teams produc...
Veracode announced two new key integrations
Friday, August 11, 2017 by Christian Hargrave
Veracode, a software security company acquired by CA Technologies, has announced the Veracode HPE Application Lifecycle Manager (ALM) Flaw Synchronizer Plug-in, which empowers development and QA/release engineers to fix security vulnerabilities early in the Software Development Lifecycle (SDLC). The company also announced an enhanced integration to the Veracode Applicat...
DevSecOps will help security and developers play nice
Thursday, June 15, 2017 by Richard Harris
Veracode, a security software company acquired by CA Technologies, has announced the results of a study examining the relationships between application developers and security teams. The study, conducted in conjunction with Enterprise Strategy Group (ESG), shows that despite the pervasive belief that security and development teams have conflicting priorities, initiatives...
A DevOps framework for federal customers
Wednesday, May 17, 2017 by Christian Hargrave
Last Thursday, President Trump signed an executive order designed to strengthen the cybersecurity of federal networks including moving all federal IT systems to the cloud. The executive order also calls for effective risk management, which includes requiring planning so that maintenance, improvements and modernization occur in a coordinated way and with appropriate regu...
Improve mobile app security by turning it into code
Monday, May 8, 2017 by Jeff Williams
Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong. Far more than any one person can be expert in. It's unfair to think that a software developer, who is already supposed to be expert in all the latest software languages, frameworks and best practices, should als...
How companies can keep their remote teams safe
Monday, April 3, 2017 by Gene Richardson
If you hate bringing your work home with you, spare a thought for the 3.7 million Americans for whom home is the workplace. The telecommuter population is growing faster than the overall employee base, according to Global Workplace Analytics, and with half of all jobs deemed suitable for performing from home, it is a trend that is set to go on growing. Already, around a ...
Intent-based mobile app security: It's harder than you think
Thursday, March 23, 2017 by John Morello
Recently, intent-based security has become a buzzword and a commonly used phrase in the developer community. However, this new wave of security is much more than just a catchphrase. The concept of intent-based security adds a new level of protection to applications in containerized environments, specifically by understanding what the app is intended to do and looking fo...
Canonical collaborates with NXP to improve IoT
Wednesday, March 22, 2017 by Richard Harris
NXP and Canonical have collaborated to port Ubuntu Core to the LS1043A, a quad-core SoC targeted at IoT gateways and networking equipment. With this combination, device manufacturers gain a platform with which to build high throughput IoT Gateways. Ubuntu Core has been used in a variety of devices from IoT Gateways to network equipment. IoT Gateways benefit from the wide...
ImmuniWeb Mobile launches to offer better mobile security testing
Wednesday, March 15, 2017 by Richard Harris
High-Tech Bridge announces the launch of ImmuniWeb Mobile as part of ImmuniWeb Application Security Testing Platform. The new offering will provide comprehensive assessment of iOS and Android mobile applications, mobile infrastructure backend and data channel encryption. All ImmuniWeb Mobile packages are provided with a zero false-positives SLA. The mobile application s...
Veracode sells to CA Technologies for $614M
Wednesday, March 8, 2017 by Christian Hargrave
CA Technologies announced it has signed a definitive agreement to acquire Veracode, a company that is securing web, mobile and third-party applications across the software development lifecycle, for approximately $614 million in cash. The transaction is expected to close in the first quarter of fiscal year 2018, and is subject to customary closing conditions, including ...
Checkmarx opens beta support for Scala programming language
Wednesday, February 1, 2017 by Richard Harris
Checkmarx, an application security testing company, has announced open beta support of the Scala programming language. The new capability adds the ability to analyze and remediate security risks and vulnerabilities exposed in projects written using Scala code. The added capability not only allows the detection of vulnerabilities within Scala code, but also the ability to...
New VS plugin from Checkmarx lets DevOps teams rapidly embed security
Wednesday, November 16, 2016 by Christian Hargrave
Checkmarx just announced a new Checkmarx plugin for the Microsoft Visual Studio Team Services platform. The new Checkmarx (CxSAST) Microsoft Visual Studio Team Services Plugin allows organizations with agile development practices to embed security into their software development lifecycle (SDLC) without the delays traditionally caused by application security t...
What happens to security when your apps go to the cloud
Wednesday, November 9, 2016 by Richard Harris
When Marc Andreessen wrote, “software is eating the world,” he meant that every business is literally turning into software. The problem is that every line of code you write makes you easier to attack. Historically, we dealt with security by putting up walls and scanning. But the complexity of modern software environments has made these approaches ineffective ...
A discussion on cloud sandboxes with Quali's CMO Shashi Kiran
Monday, October 17, 2016 by Richard Harris
DevOps processes are used to accelerate the development of cloud applications, and sandboxes can help by providing actual replicas of production environments for developers to try out new code, or for test teams to get access to holistic real-world environments without the risk of harming a live production environment. We recently had an interesting conversat...
Hewlett Packard Enterprise Introduces New Application Security Solutions
Monday, September 19, 2016 by Richard Harris
Hewlett Packard Enterprise (HPE) has introduced the HPE Fortify Ecosystem and Fortify on Demand (FoD) continuous application monitoring service. The online marketplace and service are designed to help organizations create secure applications by naturally integrating security testing processes and resources throughout the fast-paced software development lifecycle (SDLC)....
Checkmarx Tells Us Why App Developers Should Care About App Security
Thursday, August 18, 2016 by Richard Harris
We recently had a conversation with Emmanuel Benzaquen at Checkmarx to talk about how they are able to scrutinize code with a fine-toothed comb and find vulnerabilities early and why other developers need to be doing the same. With clients such as Coca-Cola, SAP, and Salesforce, they seem to be carving out a niche for application security in the crowded tech-s...
Quali Tells Us What the Coolest Thing About Sandboxing Is
Friday, August 12, 2016 by Richard Harris
Getting good quality software to the market fast is a big challenge, so we recently sat down with Joan Wrabetz, CTO of Quali to chat about Cloud Sandboxing, Community and the Hottest New Release for Full-Stack Application Environments. ADM: Tell me a little about Quali? Wrabetz: Quali is the leading provider of Cloud Sandboxes for automating the DevOps lifecycle. We give ...
Synopsys Makes Updates to its Seeker Runtime Security Analysis Tool
Monday, August 8, 2016 by Richard Harris
Synopsys has released the latest version of its Seeker runtime security analysis solution. Seeker analyzes web application code and data flows at runtime using a technique known as Interactive Application Security Testing (IAST), which detects and confirms exploitable security vulnerabilities and provides insight that allows developers to address their root causes. T...