February 2022

New in Security Labs: Kotlin & Swift Mobile Courses

Feb 28, 2022 By Saoirse Hinksmon In Veracode

This week we’ve added new Kotlin & Swift Courses to the Security Labs catalog! The update includes 4-5 Kotlin (Android) labs and 4 Swift (iOS) labs that cover common mobile security topics such as secret storage, authorization, and custom URL handling.

Read Post

Veracode

Read more about New in Security Labs: Kotlin & Swift Mobile Courses

This Month in Datadog: February 2022 (Episode 8)

Feb 24, 2022 By Datadog In Datadog

Datadog is constantly elevating the approach to cloud monitoring and security. This Month in Datadog updates you on our newest product features, announcements, resources, and events. To learn more about Datadog and start a free 14-day trial, visit Cloud Monitoring as a Service. This month we put the Spotlight on Datadog Application Security which is now in public beta.

View Video

Datadog

Read more about This Month in Datadog: February 2022 (Episode 8)

9 Things You Need to Know About Application Management

Feb 21, 2022 By Eyal Katz In Spectral

The statistics support Microsoft CEO Satya Nadella’s claim that “every company is a software company.” The average enterprise was already deploying 464 custom applications back in 2017, and that number has likely been growing for the past five years with apps designed to meet unique business needs and support daily tasks and processes as they increasingly move online.

Read Post

Spectral

Read more about 9 Things You Need to Know About Application Management

9 Things You Need to Know About Application Management

Feb 21, 2022 By Eyal Katz In Spectral

Read Post

Spectral

Read more about 9 Things You Need to Know About Application Management

SQL Injection in Today's Landscape

Feb 17, 2022 By Dustin Silveri In Veracode

A SQL injection flaw allows for an attacker to modify or inject SQL syntax into the request to make the application behave in a manner that was not initially intended. In other words, an attacker can change a database query to: Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise often. However, many frameworks and libraries are available to make database connections and queries safe.

Read Post

Veracode

Read more about SQL Injection in Today's Landscape

Create an API Specification Scan

Feb 16, 2022 By Veracode In Veracode

Traditionally Veracode Dynamic Analysis has targeted applications with a Web user interface. But increasingly, web applications are composed of many small microservices, many of which have Representational State Transfer (REST) interfaces with which the UI layer communicates. With API scanning, you can now scan the APIs of your microservices earlier in the software development process, before they are integrated into a web application.

View Video

Veracode

Read more about Create an API Specification Scan

Best practices for securing Kubernetes applications

Feb 15, 2022 By Mallory Mooney In Datadog

Cloud-based Kubernetes applications have become the standard for modernizing workloads, but their multi-layered design can easily create numerous entry points for unauthorized activity. To protect your applications from these threats, you need security controls at each layer of your Kubernetes infrastructure.

Read Post

Datadog

Read more about Best practices for securing Kubernetes applications

WhiteSource SAST: The Next Generation of Application Security

Feb 15, 2022 By Rami Sass In Mend

Today, we announced our entrance into the Static Application Security Testing (SAST) market. It’s a significant development for WhiteSource, which has until now been solely focused on open source software security. In this post, I explain why we decided to make this move beyond open source into proprietary code security, and the value it will bring to developers, security teams, and their organizations.

Read Post

Mend

Read more about WhiteSource SAST: The Next Generation of Application Security

What Is an SBOM & Why Do You Need One?

Feb 14, 2022 By John Smith In Veracode

Before we jump into definitions, let’s quickly level set on how we got here. Over the last few years, the way we build software has changed drastically. With the increasing need to move faster and release more frequently, organizations are opting to get rid of monolithic architectures and adopt a microservices architecture for greater agility, resiliency, and efficiency.

Read Post

Veracode

Read more about What Is an SBOM & Why Do You Need One?

How to cybersecurity: Gravity is a harsh mistress

Feb 11, 2022 By Jonathan Knudsen In Synopsys

I love the boundless possibilities of modern software development. Anyone with a computer and an internet connection can code. More than any other time in human history, each of us has the power to build something in software, to realize whatever we can imagine. At the same time, a thriving ecosystem of open source software components allows us to stand upon the shoulders of giants, to quickly assemble huge building blocks of existing functionality that can rocket us toward our own goals.

Read Post

Synopsys

Read more about How to cybersecurity: Gravity is a harsh mistress

Code Sight Standard Edition: Application security optimized for the needs of developers

Feb 9, 2022 By Raj Kesarapalli In Synopsys

As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense. Defects, including security defects, can often be addressed faster and more cost-effectively if they are caught early.

Read Post

Synopsys

Read more about Code Sight Standard Edition: Application security optimized for the needs of developers

Announcing the 12th Volume of Our State of Software Security Report

Feb 8, 2022 By Hope Goslin In Veracode

The 12th volume of our annual State of Software Security (SOSS) report is now live! Rather than examining a single year of activity associated with an application, in this year's report we looked at the entire history of active applications. By doing so, we can view the full life cycle of applications, which results in more accurate metrics and observations.

Read Post

Veracode

Read more about Announcing the 12th Volume of Our State of Software Security Report

Review API Scanning Prescan Results

Feb 7, 2022 By Veracode In Veracode

In this video, you will learn how to review Dynamic Analysis prescan scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

View Video

Veracode

Read more about Review API Scanning Prescan Results

Introduction to the Snyk Platform

Feb 3, 2022 By Snyk In Snyk

Cloud native development has changed the way developers both build and secure applications. Snyk’s cloud native application security platform is designed to work like a developer tool – making it not only easy to find issues, but to fix them quickly.

View Video