Security News
Single sign on provider Okta is opening its platform to third-party developers with a new Okta Devices SDK and an accompanying API that it said will allow developers to "Leverage the power of Okta Verify to build customized, secure, and seamless login experiences for their customers." Announced at Okta Showcase 2020, the new SDK was built for a mobile-first world that Okta said requires organizations to constantly deliver new bespoke and custom-tailored experiences for customers.
DigitalOcean announced DigitalOcean App Platform, a new platform as a service offering that automates infrastructure management so developers can deploy their code to production in just a few clicks. "With millions of businesses started in the cloud each year, developers need a simple, fast and scalable way to ship the apps that power their ideas," said Apurva Joshi, VP of Product, DigitalOcean.
To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their unique characteristics as a fingerprint to track down other exploits developed by them. "Instead of focusing on an entire malware and hunting for new samples of the malware family or actor, we wanted to offer another perspective and decided to concentrate on these few functions that were written by an exploit developer," Check Point Research's Itay Cohen and Eyal Itkin noted.
Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.
Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens. These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.
75% of AppSec practitioners and 49% of developers believe there is a cultural divide between their respective teams, according to ZeroNorth. Understanding the cultural divide and its implications Developer and AppSec practitioners don't agree on which function is responsible for the security of applications.
Thirty-nine percent of developers said the security team is responsible for securing apps, while 67% of AppSec practitioners said their teams are responsible, according to a new study. Seventy-five percent of application security practitioners and 49% of developers believe there is a cultural divide between their respective teams that could increase organizational risk, according to a new study by the Ponemon Institute and ZeroNorth, a provider of risk-based vulnerability orchestration across applications and infrastructure.
Microsoft has open-sourced OneFuzz, its own internal continuous developer-driven fuzzing platform, allowing developers around the world to receive fuzz testing results directly from their build system. Fuzzing is an automated software testing technique that involves entering random, unexpected, malformed and/or invalid data into a computer program.
After a short lesson in internet history, the author puts the reader in the shoes of the attacker and explains how simple it is to hack a website, as well as how easy it is to obtain and apply hacking tools. The author proceeds to offer basic knowledge about how the internet, browsers, web servers and programmers work.
Boston-based developer security company Snyk on Wednesday announced that it has raised $200 million in a Series D funding round, valuing the firm at more than $2.6 billion. Snyk earned unicorn status in January 2020, after it raised $150 million in a Series C funding round.