Security News
Cloudreach released data highlighting the latest cloud technology trends, underscoring the impact the cloud skills gap is having on businesses. Multi-cloud capabilities, cloud system development, and cloud governance were the top three areas most impacted by the skills gap, according to respondents.
The report shows that the most successful engineering teams routinely meet four key benchmarks. By setting up a robust test suite, you can confidently rely on your tooling no matter the time of year, allowing teams to thrive and innovate even when team members are out of office.
Checkmarx released the UK findings of its report, which found that 45% of organizations have suffered at least two security breaches as a direct result of a vulnerable application. Alongside this, the report discovered that 34% of UK organizations that had experienced a security breach relating to an application in the year preceding the survey have laid off employees seen as bearing responsibility.
Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. The botnet - not to be confused with a 2008 botnet of the same name - is perpetuated using SmokeLoader, which chiefly acts as a loader for next-stage malware, allowing it to quickly scale in size and expand its network.
"It is no longer sufficient to scan software as a pre-production step in the last phase of the software development lifecycle. Just as software is now deployed continuously, scanning using a variety of testing tools must also happen continuously as a fully integrated part of the process," said Chris Wysopal, CTO at Veracode. Continuous security testing using multiple scanning types is fast becoming the norm as organizations recognize the need to analyze the software they build across multiple dimensions.
One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they're building as part of the automated development lifecycle, rather than relying on security or ops teams configuring policies for them after they are built. With low-code applications, developers can save time otherwise spent on learning security standards and policies in detail and spend more of their time on the core business.
Code review remains the biggest influence on improving code quality with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and remaining remote, a tool-based code review process offers the best advantage, as indicated by 80% of satisfied respondents.
Satori shared its predictions for the near future of cloud-based transformation, detailing three major developments to watch for in the world of data governance and operational security over the course of 2022. With more data being moved to the cloud, new opportunities arise, as data can be easily connected with various cloud-based services, including BI, analytics and AI, ultimately delivering richer insights for data scientists, analysts and business users.
Serverless is revolutionizing software development, allowing organizations to produce applications which consume cloud resources only when they need to. So it might come as a shock that while 70 per cent of respondents to the State of Serverless Application Security Report have six or more teams working on serverless development, they are also building up a worrying "Serverless security debt".
A Censuswide report reveals the biggest security challenges that application security managers and software developers are facing within their organizations in today's threat landscape. Despite multiple breaches in the last year due to vulnerable applications, 81% of developers remained confident in their ability to build a secure product, showcasing a commitment to selecting the proper tools to protect their organizations.