security vulnerabilities

security vulnerabilities news search results

Developer news items we found relating to security vulnerabilities

35 results
GitLab acquires Peach Tech and Fuzzit


Friday, June 12, 2020 by

GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...


Iowa caucus app woes from a developer perspective


Friday, February 21, 2020 by

Whether the issues behind the Iowa Democratic Caucus app debacle were specific to UX, connectivity, traffic, or just good ol’ fashioned reluctance to embrace the technology, the ramifications of this mess will be felt for a long time – the hanging chad of the new decade. So are apps out? Absolutely not, but things are going to have to change. Applications...


GitLab 12.0 released


Friday, June 28, 2019 by

GitLab is releasing 12.0 to help enterprises transform and accelerate DevOps adoption by bringing developers, operations professionals, and the security team together in the first single application for the entire DevSecOps lifecycle. With the 12.0 release, GitLab is building upon security features recently released - such as security dashboards, auto remediation and se...


Blockchain development with strong APIs


Monday, January 21, 2019 by

2018 was the year of blockchain “pilot” projects - where companies began to truly explore all of the possibilities of the technology. For example, in PwC’s 2018 survey of 600 executives, 84 percent said their organizations had at least some involvement with blockchain technology - but only 15 percent reported having gone live. As we jump into 2019, ...


UN commission sets cyber security regulations for Europe


Wednesday, January 9, 2019 by

The United Nations Economic Commission for Europe (UNECE) has confirmed it will integrate the widely used ISA/IEC 62443 series of standards into its forthcoming Common Regulatory Framework on Cybersecurity (CRF). The CRF will serve as an official UN policy position statement for Europe. At its recent annual meeting in Geneva, UNECE’s Working Party on Regulatory...


Gamification can transform your software security program


Tuesday, December 18, 2018 by

No matter the organization, or indeed their individual circumstances, there is one problem I have identified time and time again over the course of my career: AppSec managers, CISOs, CIOs and cybersecurity experts all over the world are rarely able to positively engage their dev teams on security best practice and training. It’s a source of conflict between teams,...


IAST supports AppSec efficiencies while cutting costs and headaches


Monday, November 26, 2018 by

It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....


Single Page Application security help


Tuesday, October 23, 2018 by

Single-page applications, or SPAs, are web apps that load a single HTML page and dynamically update that page as the user interacts with the app. Their origins are unclear but the concept was discussed as early as 2003 according to the archives on Wiki. SPAs use AJAX and HTML5 to create fluid and responsive Web apps, without constant page reloads - that literally means,...


Open Source security comes to GitHub


Thursday, August 16, 2018 by

Sonatype announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source security governance, free of charge. Powered by Sonatype’s OSS Index, DepShield integrates directly into GitHub repositories and allows developers to easily identify and avoid using open source components with known vulnerabilities. “The...


FTP vulnerabilities and what you can do


Thursday, May 24, 2018 by

File Transfer Protocol, or FTP for short, is old, and when I say old - I mean 1971 old, when it was initially published as RFC 114. It defines a way clients can transfer files to a server. Typically gated with a password and either sent clear text, or over SSL/TLS/SFTP, it’s a rock solid way to get files sent to their destination and is widely supported. But in today’s w...


npm@6 package manager brings new security features


Wednesday, April 25, 2018 by

npm, Inc. has announced npm@6, a major update to its JavaScript software installer tool with new security features for developers who work with open source code. npm@6 will be included as part of the Node.js v10.x release line, and leverages the assets of the Node Security Platform, the definitive source of JavaScript vulnerabilities, recently acquired by npm, Inc. In an...


Sonatype expands firewall to stop dev vulnerabilities


Friday, March 9, 2018 by

Sonatype has announced that the Nexus Firewall is now available to support the more than 10 million developers currently using the open source version of Nexus Repository. Previously only available to commercial users of Nexus Repository Pro, the newest version of Nexus Firewall gives all Nexus Repo users the ability to automatically stop vulnerable open source componen...


Rethinking DevOps as DevSecOps


Thursday, October 12, 2017 by

If you’re not already thinking right now that your DevOps teams should be run like a DevSecOps team, you may already be in a world of hurt. Time to wake up! As the adoption of APIs continues to grow, so do the risks to organizations that don’t actively test the security of their solutions. Modern Agile development frameworks have changed the way engineering teams produc...


Kony introduces us to AppPlatform V8


Thursday, August 24, 2017 by

Businesses big and small are feeling the mounting pressure of increasing demand by their clients, employees and partners for mobile apps. Many of them struggle to meet this demand, especially with limited budgets and a lack of in-house developer skills, which seem to be the biggest hurdles. To help solve this mobile app dilemma, Kony recently launched its Kony AppPlatform ...


Veracode announced two new key integrations


Friday, August 11, 2017 by

Veracode, a software security company acquired by CA Technologies, has announced the Veracode HPE Application Lifecycle Manager (ALM) Flaw Synchronizer Plug-in, which empowers development and QA/release engineers to fix security vulnerabilities early in the Software Development Lifecycle (SDLC). The company also announced an enhanced integration to the Veracode Applicat...


Why runtime application self-protection is critical for app security


Tuesday, June 20, 2017 by

Today most of us go about implementing security from the outside in. The common practice is to start by defining a perimeter and trying to defend it with various security tools. Even though perimeters have been porous for more than a decade, we still can’t give up this notion that if we build a better wall we can keep our enterprises safer. Certainly that is where most e...


The Netflix hack: A chat about securing your company


Wednesday, May 10, 2017 by

As the digital transformation progresses onwards, the unfortunate side effects are becoming blatantly obvious in the news. It seems like every other day that some new big box company, political party, or individual has their information compromised. But even though only the few biggest companies get the real media attention, hundreds of millions of hacking attempts are ...


Catching up with Red Hat Mobile to talk about low code in the enterprise


Tuesday, April 25, 2017 by

Low code is a movement that has emerged in the marketplace in recent times, not only for mobile but also for business process management (BPM) and other application development areas. What company can resist the pull of low-cost and relatively fast development times? Especially when it's as simple as a drag and drop gesture away. So it's not surprising that many big nam...


WhiteSource Bolt detects vulnerable open source components


Thursday, March 30, 2017 by

WhiteSource, a continuous open source security and compliance management company, has announced the launch of a new open source management tool integrated within the Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS) platforms - the WhiteSource Bolt (Bolt). Bolt is fully immersed within the VSTS and TFS products, so users can detect vulnerable ...


The biggest delays in digital transformation initiatives


Tuesday, March 14, 2017 by

We recently caught up with Robert Reeves, co-founder and CTO of Datical, a provider of database release automation solutions, on the findings of a recent survey - conducted by IDG and commissioned by Datical - that reveal the biggest delays in digital transformation initiatives. ADM: When on the road to digital transformation, what causes the biggest speed bumps? Reeves:...


The growing gap between the speed of business and the pace of software development


Monday, October 17, 2016 by

The rapid pace of business today is only increasing, which means companies need quick access to effective, flexible and scalable technology in order to succeed. IT organizations are simply struggling to keep up with this growing demand for business applications, which can’t be developed fast enough, updated often enough, or maintained well enough. It’s a com...


SourceClear launches integrations across Atlassian stack


Thursday, October 13, 2016 by

SourceClear is launching integrations across the Atlassian stack, including Bitbucket Pipelines, JIRA Server, JIRA Cloud, and Bamboo, adding a critical layer of security to Continuous Delivery. In addition to Atlassian, SourceClear will bring secure continuous delivery to Travis CI, CircleCI, and CodeShip as well. These new integrations bring automated security checks int...


Security First: 5 tips for building a secure mobile app from the ground up


Wednesday, October 5, 2016 by

With more than two billion smartphone users worldwide, the app market has exploded — along with risks. Mobile app developers are still struggling to make security a priority and by 2017, cyber-attacks via vulnerable apps are anticipated to account for 75% of all mobile security breaches. Given what's at stake, it's critical that developers build apps that are ...


Iris Scanning and the Future of Mobile Security


Wednesday, September 14, 2016 by

The promise of iris scan technology has been shown in sci-fi movies for decades. Various governments use it to secure borders and defense facilities; banks use it to authenticate high-value transactions and secure access to safes and vaults. Recent advancements in the evolving mobile biometrics field have brought iris recognition technology to our hands – to our mobi...


Swift Programmers Using Checkmarx Can Now Detect Security and Code Flaws


Wednesday, September 7, 2016 by

Since launching publicly at Apple’s WWDC in 2014, Swift has soared in popularity amongst programmers and has caught the attention of other major technology players in the process. Google is now even considering implementing Swift as a “first class” language for Android. Facebook and Uber are exploring ways to make Swift more central to their operations, while IBM, ...


Checkmarx Tells Us Why App Developers Should Care About App Security


Thursday, August 18, 2016 by

We recently had a conversation with Emmanuel Benzaquen at Checkmarx to talk about how they are able to scrutinize code with a fine-toothed comb and find vulnerabilities early and why other developers need to be doing the same. With clients such as Coca-Cola, SAP, and Salesforce, they seem to be carving out a niche for application security in the crowded tech-s...


Quali Tells Us What the Coolest Thing About Sandboxing Is


Friday, August 12, 2016 by

Getting good quality software to the market fast is a big challenge, so we recently sat down with Joan Wrabetz, CTO of Quali to chat about Cloud Sandboxing, Community and the Hottest New Release for Full-Stack Application Environments. ADM: Tell me a little about Quali? Wrabetz: Quali is the leading provider of Cloud Sandboxes for automating the DevOps lifecycle. We give ...


Enterprise Mobile Threat Update for Q3 2016 Arrives


Thursday, August 11, 2016 by

Appthority has released its Enterprise Mobile Threat Update for Q3 2016, which provides insight into the mobile threat landscape over the last quarter. Appthority’s Enterprise Mobile Threat Team monitors and researches the latest mobile risks that are direct threats to the enterprise. The data is compiled into the quarterly Enterprise Mobile Threat Update, aimed at provid...


Synopsys Makes Updates to its Seeker Runtime Security Analysis Tool


Monday, August 8, 2016 by

Synopsys has released the latest version of its Seeker runtime security analysis solution. Seeker analyzes web application code and data flows at runtime using a technique known as Interactive Application Security Testing (IAST), which detects and confirms exploitable security vulnerabilities and provides insight that allows developers to address their root causes. T...


MWR InfoSecurity Develops a New Kernel Fuzzer to Identify OS Security Vulnerabilities


Saturday, August 6, 2016 by

MWR InfoSecurity has announced a new kernel fuzzer implemented to run across Microsoft Windows and POSIX based operating systems. MWR’s kernel fuzzer provides the ability to identify and report OS security vulnerabilities, lowering the attack surface and helping to secure current operating systems. The company points to the fact that kernels are often targeted by a...


IBM Security Channels Its Inner X-Men with Launch of IBM X-Force Red Security Division


Friday, August 5, 2016 by

Someone in charge of naming divisions at IBM must have been a big sci-fi fan, as is evidenced by IBM Security’s name for a new security task force - IBM X-Force Red. Yep, that’s the name for a new group of IBM security professionals and ethical hackers whose goal is to help businesses discover vulnerabilities in their computer networks, hardware, and software...


Cloud Security Alliance Issues Mobile Application Security Testing Report


Monday, August 1, 2016 by

The Cloud Security Alliance has released a new report surrounding its Mobile Application Security Testing Initiative. The purpose of the report is to provide the Alliance’s insight into building out a roadmap for establishing a more secure cloud ecosystem to protect mobile applications. The Alliance’s Mobile Application Security Testing (MAST) Initiative offers...


SmartBear Adds .NET Framework Functionality to Its API Testing Framework


Wednesday, July 27, 2016 by

SmartBear Software has announced that API developers using Visual Studio to build software using the open source .NET Framework can now utilize SmartBear’s Ready! TestServer API testing framework. In April SmartBear announced similar support for Java developers using tools like Eclipse, IntelliJ and others. With the .NET announcement developers can now use the open s...


JFrog Releases Universal Artifact Analysis DevOps Tool


Thursday, July 7, 2016 by

JFrog has announced the general availability of its universal artifact analysis product, JFrog Xray, which works with all software package formats and a multitude of databases. The solution deeply and recursively scans every type of binary component ever used in a software project and points out changes or issues impacting the production environment. The combination of v...


The Impact of BYOD on Developers


Friday, July 1, 2016 by

From Security Research Labs breaking into a phone within seconds on 60 Minutes earlier this year to the Apple/FBI debacle, it’s increasingly clear that enterprises have varying levels of device security protocols in place. Surprisingly, the responsibility of ensuring vital data remains secure, especially as BYOD policies and a mobile-first workforce become the norm...