APIs represent the best and worst of times - "massive amounts of business value, but massive amounts of unmitigated risk," says Richard Bird, CSO, Traceable AI. In the past year, misconfigured or error-prone APIs resulted in high-profile breaches at Twitter and T-Mobile. He sees more on the horizon.
In early 2020, an ambitious group of developers assembled to tackle the biggest cybersecurity challenge they had ever encountered – securing the software supply chain. They founded Phylum and got to work. Fast forward to today: it’s been about a year since Phylum launched its software supply chain security...
Organizations must grapple with software development happening at a faster pace than ever as well as an exponential increase in attacks on the software layer. Contrast Security has therefore developed new technology to secure code that's deployed quickly to the cloud, CEO Alan Naumann says.
Authentication, that foundational control upon which virtually all other cybersecurity measures rely, tends to be a complex, cumbersome workload in the enterprise. Using multiple solutions creates silos – and ultimately inefficient administration, end-user frustration, and risk.
Contemporary enterprises are...
Please join us for our Prisma Cloud Security Briefing to learn how Palo Alto Networks Prisma® Cloud can enable your organization to secure multicloud, hybrid and microservice environments with a single tool.
Prisma® Cloud is the industry’s most comprehensive cloud-native application protection platform(CNAPP)...
With rising customer expectations and increasing threats along with fast moving technology, today every company is a technology company - with security, availability, reliability, performance, and scalability their key concerns.
Organizations today need to scale applications and manage more traffic, address...
Resiliency is a core topic in OWASP's Mobile Application Security Verification Standard. What's the key context to know? Dan Shugrue of Digital.ai discusses how to deepen a DevSecOps program by training application owners in code obfuscation, anti-tamper, RASP and monitoring.
In a interview with Information...
Snyk hauled in nearly $200 million just weeks after laying off 198 employees but had to slash its valuation by $1.1 billion to seal the deal. The company intends to use the Series G proceeds to enhance and expand its developer security platform through both organic investments and acquisitions.
Serverless adoption is rising rapidly. Recently, AWS released a new feature called Lambda function URLs. This feature enables configuring HTTP endpoints, to directly invoke lambda functions, without going through AWS API Gateway and other infrastructure. This means that other AWS services do not have to be provisioned...
Serverless architecture promises no infrastructure overhead, pay-as-you-go pricing, automated scale, and quick development and deployment. The implication is that less operational overhead translates to less complexity, less risk, and less worry. But serverless applications and environments are far from flawless,...
Software has increasingly relied on components developed by third parties or from open-source libraries, which Aqua Security CEO Dror Davidoff says injects additional risk. On-premises environments are still managed in more traditional ways, with the development and production phases totally siloed.
The SolarWinds attack in December 2020 put software supply chain security on the radar of many organizations, and new threats have been rapidly multiplying ever since. But surveys show that 71% of security professionals have misconceptions about what effective software supply chain security entails and have yet to...
Resiliency is a core topic in OWASP's Mobile Application Security Verification Standard. What's key context to know? Dan Shugrue of Digital.ai discusses how to deepen a DevSecOps program by training developers in code obfuscation, anti-tamper, RASP and monitoring.
As the pace of software development increases along with cloud migration to support it, organizations must take a new approach to security. DevSecOps—integrating security processes into the DevOps pipeline—can help organizations rapidly deliver secure and compliant application changes while running operations...
Palo Alto Networks will make its first major acquisition in nearly two years, scooping up application security startup Cider Security for $250 million. The Silicon Valley-based platform security behemoth will fork over $194.6 million of cash as well as $55.4 million of replacement equity for Cider.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.