Security News

Chris Wysopal shared a history lesson about the evolution of application security and advice on how to make all apps more secure. Wysopal, who is Veracode's CTO and co-founder shared a short history of his time as an application security researcher, from his time with The L0ft hacker collective to testifying in front of Congress to doing security consulting with Microsoft in the early 2000s.

An alleged Russian developer for the notorious TrickBot malware gang was arrested in South Korea after attempting to leave the country. The TrickBot cybercrime group is responsible for a variety of sophisticated malware targeting Windows and Linux devices to gain access to victim's networks, steal data, and deploy other malware, such as ransomware.

Identity and access management is pushing application security past single-factor authentication and even multi-factor authentication to a risk management model says Ping Identity CEO. Identity and access management systems are making it easier for software developers to secure their applications, for employees and customers to access the tools and services they need and for companies to protect their systems and data. On a recent episode of Dynamic Developer , I spoke with Andre Durand, Founder and CEO of Ping Identity about how the changing landscape of identity and access management are affecting software development.

Elliptic Labs has announced that it certified the operation of its AI Virtual Smart Sensor Platform with the MAX98396 smart audio amplifier from Maxim Integrated Products. Elliptic Labs and Maxim Integrated are targeting next-generation smart devices to run critical and innovative user experiences, like presence detection and 3D touchless gesture sensing, on Maxim Integrated's audio amplifier technology.

ShiftLeft announced general availability of ShiftLeft Educate, a solution that delivers highly-effective security training for developers within the developer workflow. Designed in partnership with Application Security Training platform Kontra, ShiftLeft Educate provides consistent and contextual training for developers of different skill levels, enabling them to quickly learn security best practices and fixes for issues currently in their code.

Engineering teams need a leader, a Developer Experience Engineer, who ensures developers have the right tools, processes, and environment to maximize productivity and create the greatest business value possible. The role of the Developer Experience Engineer becomes ever more important to create efficiencies and shared practices between ambitious and energized teams.

To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators - without the overhead of processing or storing user data. The Zero Trust model of identity verification essentially means never trusting that a returning user is whom they claim to be, regardless of their location or previous successful attempts.

Contrast Security announced its integration with Secure Code Warrior to deliver just-in-time security contextual micro-learning modules to enhance developers' skills to easily fix vulnerabilities without the need of a security team. Recognizing that traditional security training models simply do not scale and provide developers with the just-in-time training demanded by modern software development life cycle, Contrast and Secure Code Warrior have partnered for just-in-time approach that empowers developers to develop secure coding skills while they write and release code.

LoginID announced additional SDK options for developers. These SDKs empower developers to integrate FIDO strong authentication into their websites or apps.

Google on Monday announced new security measures for developer accounts on Google Play, meant to ensure that each account is created by a real person. Google Play, which provides access to millions of Android applications and games, has been abused by threat actors for the distribution of malware, and Google is looking for new ways to strengthen the security of both developers and users.