Security News
Checkmarx released the UK findings of its report, which found that 45% of organizations have suffered at least two security breaches as a direct result of a vulnerable application. Alongside this, the report discovered that 34% of UK organizations that had experienced a security breach relating to an application in the year preceding the survey have laid off employees seen as bearing responsibility.
Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. The botnet - not to be confused with a 2008 botnet of the same name - is perpetuated using SmokeLoader, which chiefly acts as a loader for next-stage malware, allowing it to quickly scale in size and expand its network.
"It is no longer sufficient to scan software as a pre-production step in the last phase of the software development lifecycle. Just as software is now deployed continuously, scanning using a variety of testing tools must also happen continuously as a fully integrated part of the process," said Chris Wysopal, CTO at Veracode. Continuous security testing using multiple scanning types is fast becoming the norm as organizations recognize the need to analyze the software they build across multiple dimensions.
One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they're building as part of the automated development lifecycle, rather than relying on security or ops teams configuring policies for them after they are built. With low-code applications, developers can save time otherwise spent on learning security standards and policies in detail and spend more of their time on the core business.
Code review remains the biggest influence on improving code quality, with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and remaining remote, a tool-based code review process offers the best advantage, as indicated by 80% of satisfied respondents.
Satori shared its predictions for the near future of cloud-based transformation, detailing three major developments to watch for in the world of data governance and operational security over the course of 2022. With more data being moved to the cloud, new opportunities arise, as data can be easily connected with various cloud-based services, including BI, analytics and AI, ultimately delivering richer insights for data scientists, analysts and business users.
Serverless is revolutionizing software development, allowing organizations to produce applications which consume cloud resources only when they need to. So it might come as a shock that while 70 per cent of respondents to the State of Serverless Application Security Report have six or more teams working on serverless development, they are also building up a worrying "Serverless security debt".
A Censuswide report reveals the biggest security challenges that application security managers and software developers are facing within their organizations in today's threat landscape. Despite multiple breaches in the last year due to vulnerable applications, 81% of developers remained confident in their ability to build a secure product, showcasing a commitment to selecting the proper tools to protect their organizations.
The report also assesses the technologies, capabilities, and anticipated communications and computing solutions beyond 5G. The report provides analysis for leading 5G and edge computing supported applications and services along with forecasting from 2021 to 2025, and in some cases, through 2030. The combination of 5G and edge computing will lead a revolution in application development.
The stamp the administration plans to introduce to allow the public and the government to determine if the software was developed securely may cause developers to re-examine their environments and improve the overall security standard of applications. Software development security is everyone's responsibility.