Security teams need to plan and prepare for a consistent security and compliance posture across a larger, more fluid ecosystem in the cloud. To cover the additional attack surface, it's important to know all the nooks and crannies, and what operates within them. One of these operators are the App Dev teams that...
The number of reported vulnerabilities found in open source software more than doubled in 2019 to almost 1,000, with projects such as Magento, GitLab, and Jenkins posting the largest increases, according to security firm RiskSense.
To achieve better network visibility, security practitioners must improve their knowledge of tools that support web services, containers and the evolution of development practices, says Ed Moyle, co-founder of the cybersecurity advisory firm Security Curve.
DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.
Failing to secure software and protect customer privacy is a huge business risk. However, building secure software is perceived as a time-consuming process requiring the expertise of security professionals. These experts need to work with developers daily, regularly test codes and provide guidance on secure coding...
Many governments are pursuing contact-tracing apps to combat COVID-19, but such projects risk subjecting populations to invasive, long-term surveillance - as well as insufficient adoption - unless they take an open, transparent and as decentralized approach, says cybersecurity expert Alan Woodward.
DevOps and the CI/CD pipeline are revolutionizing application development, test, and cloud delivery, enabling developers to write the application code and define the cloud infrastructure. But this has left many cloud security teams relying on "runtime" security.
Read this guide to learn:
The four primary DevOps...
To better understand the state of web application security, Radware commissioned a third annual global survey of senior executives, security researchers, application developers and IT professionals at companies with worldwide operations.
Download this survey report to better understand how the adoption of...
RSA 2020 touched on a number of topics, including the security of elections and supply chains, plus AI, zero trust and frameworks, among many others. But from sessions on cryptography, to this year's lower attendance, to the antibacterial dispensers dotted around venues, concerns over COVID-19 also dominated.
Software development over the past decade: The good news is that more organizations than ever have secure software development practices in place, says Chris Eng, chief research officer at Veracode. But the bad news is that many of the same flaws - including injection vulnerabilities - persist.
Containers are becoming more popular, but how do you deal with the security challenges of using containers?
You have to secure the application, the code, the web server and the host itself.
And how do you do this at the speed of DevSecOps?
Join Tim Chase, Director of Information Security at Healthstream, as he...
DevSecOps has taken the world by storm. Ever since the DevSecOps philosophy stepped into the limelight in the past few years, a growing number of organisations are trying to ensure their businesses are set up with the security in mind (and practice) from the get-go.
In theory, the concept is great. In practice?...