Waterfall, Agile, DevOps... it seems that every few years, a new methodology is born for optimum software creation within an organization. While these processes all have their strengths and weaknesses, the streamlining (and, er, previously absent red tape) they bring can feel like somewhat of a hindrance to the main...
The past year has been marked by economic uncertainty stemming from the global pandemic, which has also created an expanded remote workforce and broadened the attack landscape.
Because 2020 wasn't already exciting enough, now we have to worry about being hunted by adversaries wielding FireEye's penetration testing tools, thanks to the company having suffered a big, bad breach. Here's a list of targeted flaws that every organization should ensure they've patched.
Many applications use open source components, which can make it challenging to pinpoint any security issues. How can organizations gain better visibility of risks?
What privacy and security issues are raised by patients using smartphone apps to access health records? Attorney Helen Oscislawski and security expert Jarrett Kolthoff offer an analysis.
Contact-tracing apps are continuing to take shape around the world as the COVID-19 pandemic continues. Using privacy-by-design principles is critical to building trust in these apps, says privacy expert Ann Cavoukian.
Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that. Those are just two takeaways from a new report that describes how nine organizations were inadvertently exposing health records for at least 150,000 patients.
It's a myth that organizations with legacy systems cannot implement DevSecOps, says Md.Mahbubul Alam Rafel, head of information security at Prime Bank in Bangladesh.
Applications will remain a top external attack vector even if the best security controls in cloud and network are in place. And while IAM protects against some of the top attacks, Shiven Ramji of Auth0 says a company still needs to keep building more apps at an ever increasing pace to stay competitive.
The number of reported vulnerabilities found in open source software more than doubled in 2019 to almost 1,000, with projects such as Magento, GitLab, and Jenkins posting the largest increases, according to security firm RiskSense.
To achieve better network visibility, security practitioners must improve their knowledge of tools that support web services, containers and the evolution of development practices, says Ed Moyle, co-founder of the cybersecurity advisory firm Security Curve.
DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.
Many governments are pursuing contact-tracing apps to combat COVID-19, but such projects risk subjecting populations to invasive, long-term surveillance - as well as insufficient adoption - unless they take an open, transparent and as decentralized approach, says cybersecurity expert Alan Woodward.
As businesses face pressure to release software faster, security is unfortunately not keeping pace, says Anthony Bettini of WhiteHat Security, who reviews DevSecOps challenges.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
