State of software security: What 2017 taught us
By: Veracode, Inc. View more from Veracode, Inc. >>
Download this next:
DevSecOps delivers better business
By: TechTarget ComputerWeekly.com
Type: eGuide
Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it’s time for you to find out how and why.
These are also closely related to: "State of software security: What 2017 taught us"
-
Application security: best practices and risks
By: TechTarget ComputerWeekly.com
Type: eGuide
Understanding the source of potential threats to applications is step one. Security professionals need to anticipate vulnerabilities from all the right perspectives, and that means testing apps for flaws on a regular basis, whether that means monthly, quarterly or following updates. Check out this e-guide, which include application security best practices, threat identification and security testing tips.
-
Application security: More important than ever
By: TechTarget ComputerWeekly.com
Type: eGuide
The security of business applications is often overlooked, despite the fact that exploitation of
vulnerabilities in software is one of the key attack methods of cyber criminals and that
application breaches account for the majority of reported security incidents. But as traditional
software and cloud-based, web and mobile applications play an increasingly important role in
business and with applications associated with devices making of the internet of things set to
explode, application security has never been more important than it is now.While much of the responsibility lies with application developers to avoid common, exploitable
coding practices and design secure code in the absence of any legislation in this area, there
is much that businesses can and should do to mitigate the application security risk, including
security testing all applications used by the business, reviewing source code, and layering a
broad range of security controls to enhance visibility, alerting and real-time blocking.
Find more content like what you just read:
-
CW Benelux February 2018
By: TechTarget ComputerWeekly.com
Type: Ezine
In this issue, read about how and why one public sector IT professional in the Netherlands, Victor Gevers, took a whole year out to hack ethically and, in the process, unearthed about 1,000 vulnerabilities.
-
Proactive Security: Software vulnerability management and beyond
By: TechTarget ComputerWeekly.com
Type: eGuide
In this e-guide we discover why modern security professionals are moving to a more pro-active approach to cyber defence, and how managing vulnerabilities is a key element of that.
-
Quarterly cyber threat bulletin: 5 threats in 2024
By: Coalition
Type: White Paper
In this Quarterly Cyber Threat Bulletin from Coalition, learn about 5 prevalent threats targeting organizations in 2024 – and how you can defend against them.
-
IDC TechBrief: Interactive Application Security Testing
By: Contrast Security
Type: White Paper
With modern application development operating at break-neck speeds, DevOps teams pressured by deadlines are often forced to compromise security for efficiency’s sake. This white paper examines the benefits of using interactive application security testing to mitigate the security risk and complexities of using DevSecOps. Read on to learn more.
-
CW ASEAN: Time to dial up defences
By: TechTarget ComputerWeekly.com
Type: Ezine
In this month's issue of CW ASEAN, we take a closer look at ASEAN's patchy cyber security landscape, including varying levels of cyber resilience across the region, cyber security strategies adopted by different countries, as well as efforts to improve cyber capabilities and foster greater collaboration in the common fight against cyber threats.
-
Moving beyond traditional AppSec: The growing software attack surface
By: ReversingLabs
Type: White Paper
According to findings from ReversingLabs’ recent study, software supply chain threats rose 1300% between 2021 to 2023. This buyer’s guide to supply chain security analyzes the current state of supply chain attacks and distills the analysis into actionable information you can use to choose an offering. Download now to learn more.
-
Infographic: 5 essential open source cybersecurity tools for 2022
By: TechTarget ComputerWeekly.com
Type: Infographic
There are countless open source cybersecurity tools available in the market and some of them have become essential for finding vulnerabilities in 2022. In this infographic, we highlight five tools that have proven to be highly efficient and reliable and can be combined with other tools to help build up your defences.
-
Designing your Kubernetes security strategy
By: Palo Alto Networks
Type: eBook
Download this e-book to learn how to design a security strategy that reinforces, rather than hinders, the rest of your Kubernetes-based processes.
-
What should you ask a pentesting service provider?
By: Trustwave
Type: White Paper
To augment their security stances, many organizations have partnered with a penetration testing (pentesting) service provider. Is your business considering doing the same? Step in “11 Questions to Ask Your Pentesting Service Provider,” a white paper that can guide your market exploration. Read now to unlock insights.
-
Comprehensive cloud security for AWS, Azure, and GCP
By: Tenable
Type: White Paper
Secure your cloud infrastructure with a comprehensive Cloud-Native Application Protection Platform (CNAPP). See how Tenable Cloud Security can unify asset discovery, risk analysis, threat detection, and compliance to minimize your cloud attack surface. Download the white paper to learn more.
-
How to escape the AppSec tool swamp
By: Contrast Security
Type: eBook
Discover in this e-book how a unified AppSec platform that provides continuous and comprehensive security across the software development life cycle can free your organization from the “tool swamp”.
-
Web security: Important but often overlooked
By: TechTarget ComputerWeekly.com
Type: eGuide
In this e-guide we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.
-
Discover vulnerabilities & strengthen your security posture
By: CBTS
Type: White Paper
In this white paper, learn about how penetration testing can help you discover security weaknesses, evaluate response capabilities and get recommendations to strengthen your security posture.
-
App Sec Tools Need a Software Supply Chain Security Upgrade.
By: ReversingLabs
Type: White Paper
Learn why traditional application security testing tools alone leave your organization exposed to supply chain attacks — and how software supply chain security tools represent an evolution of traditional application security tools, ensuring end-to-end software security.
-
An overview of attack surface management (ASM)
By: Palo Alto Networks
Type: eBook
With more cloud environments and digital assets in play than ever before, the enterprise attack surface has become increasingly complex and difficult to manage. This Attack Surface Management (ASM) for Dummies, e-book presents a coherent overview of ASM. Download now to unlock the extensive e-book and all the insights contained within it.
-
Print security: An imperative in the IoT era
By: TechTarget ComputerWeekly.com
Type: Analyst Report
Analyst group Quocirca gives the perspective on the risks and best practices of print security.
-
Computer Weekly – 16 January 2018: How to fix the Meltdown and Spectre chip flaws
By: TechTarget ComputerWeekly.com
Type: eBook
In this week's Computer Weekly, as CIOs come to terms with the Meltdown and Spectre processor flaws that make every computer a security risk, we examine how to protect your IT estate. We find out how Alexa-style smart speakers can help with CRM strategies. And we look at how the public sector is implementing DevOps. Read the issue now.
-
Computer Weekly – 19 December 2023: The ransomware threat to UK critical infrastructure
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week's Computer Weekly, a parliamentary report warns that a lack of ransomware preparedness at the highest levels of government is leaving UK critical national infrastructure dangerously exposed – we analyse the risks. We also examine how AI tools are helping to enhance cloud security. Read the issue now.
-
Computer Weekly – 21 August 2018: Delivering the potential of the internet of things
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week's Computer Weekly, we hear from early adopters of internet of things technologies about how to deliver on the potential of IoT. We examine strategies for combining hyper-converged infrastructure and cloud storage to best effect. And we find out how the UK government intends to use data to improve Britain's railways. Read the issue now.
-
AWS Differences between Active and Passive IAST and how to get the best of both worlds
By: Contrast Security
Type: White Paper
Interactive Application Security Testing (IAST) is a relatively new technology that has caused a lot of confusion for not being clearly explained. This article sets out to clear the air. It will explain:What is IAST?What’s the difference between Active IAST & Passive IAST? Which approach is better for you?Access the paper here.
-
Next-generation DAST: Introducing interactive application security testing (IAST)
By: Contrast Security
Type: White Paper
While dynamic application security testing (DAST) has been a go-to AppSec testing technique for decades, it is not without its drawbacks. This is where interactive application security testing (IAST) comes into play, building off of DAST, but analyzing apps from the inside out, rather than from the outside in. Read this white paper to learn more.
-
ESG's research exposes how the security analyst role must evolve
By: Contrast Security
Type: ESG Showcase
Access this report from Enterprise Strategy Group (ESG) to discover how the role of security analyst is evolving to work with (instead of against) development, and learn what actions you can take now to set your organization up for success.
-
30-page e-book: IoT security benchmark report 2023
By: Palo Alto Networks
Type: eBook
81% of security leaders surveyed by Starfleet Research reported that their business was struck by an IoT-focused attack within the past year. So, how can you boost IoT security at your own organization? Find guidance in this 30-page e-book.
-
A Computer Weekly buyer's guide to secure and agile app development
By: TechTarget ComputerWeekly.com
Type: eGuide
As apps become increasingly integral to business operations, the importance of keeping them secure can never be overstated. In this 15-page buyer's guide, Computer Weekly looks at how firms can protect apps from ransomware, why app creation needs to happen at pace, and how to get the right balance between security and coding
-
Top 10 IT security stories of 2018
By: TechTarget ComputerWeekly.com
Type: eGuide
The discovery of the Meltdown and Spectre microprocessor vulnerabilities, and several similar vulnerabilities in the months that followed, were probably the single most challenging developments for enterprise IT security teams in 2018. Here's a look back over Computer Weekly's top 10 IT Security stories of 2018.
-
OWASP Top Ten: How to keep up
By: Contrast Security
Type: eBook
The newest addition to the OWASP Top Ten was recently published to help organizations assess their application security efforts – but false positives could lead to unnecessary stress. Download now to learn how Contrast’s observability platforms is designed to keep up with the rapidly expanding scope of the OWASP Top Ten.
-
Perimeter Security Noise Leaves Applications Vulnerable to Attacks
By: Contrast Security
Type: White Paper
Learn how you can get AppSec protection that can compensate with the necessary visibility, accuracy, scalability, and ease of deployment to keep pace with modern application vulnerabilities without generating false positives and false negatives.
-
The exploitation of flaws in the HTTPS protocol
By: TechTarget ComputerWeekly.com
Type: Research Content
For both technical and non-technical users, the presence of "HTTPS" in a website URL will provide confidence to consider entering sensitive information such as bank or credit card details. However, even websites owned by the most reputable organisations may be exposed to attack if HTTPS is not properly implemented.
-
Explore the benefits of Linux for medical device development
By: Wind River
Type: Product Overview
Open source Linux is cost-effective and customizable for medical device development but presents security and compliance issues. Wind River Linux offers an advanced embedded platform with robust security, compliance support, and lifecycle management, aiding innovation and risk reduction in medical devices. Learn more in the full overview.
-
How intrusion prevention systems (IPS) can be used with a 'honeynet' to gather intelligence on cyber attacks
By: TechTarget ComputerWeekly.com
Type: Research Content
This article in our Royal Holloway security series explains how intrusion prevention systems (IPS) can be used with a 'honeynet' to gather intelligence on cyber attacks
-
A comprehensive hybrid cloud security model
By: Palo Alto Networks
Type: White Paper
In a recent survey, 85% of IT pros selected hybrid cloud as their ideal operating model. However, these clouds come with their share of complexity. Namely, they require a high level of interconnectivity, which increases the risk of malware attacks, or worse. Don’t delay – Leverage this white paper to learn how to secure your hybrid environment.
-
A guide to continuous software delivery
By: TechTarget ComputerWeekly.com
Type: eBook
Software empowers business strategy. In this e-guide we explore how to deliver new software-powered functionality for continuous business improvement.
-
Top 10 datacentre stories of 2018
By: TechTarget ComputerWeekly.com
Type: eGuide
There is nothing like a datacentre outage to highlight just how reliant the digital economy is on these facilities, with the 2018 news cycle dominated by tales of server rooms going awry and causing mass disruption to end users across the globe. Here's a look back over Computer Weekly's top 10 datacentre stories of 2018.
-
Secure AI Coding Tool Adoption Challenges and Opportunities
By: AWS Snyk
Type: Research Content
This study assesses organizational readiness and concerns about adopting generative AI coding tools. Many are ready, but security worries persist as a key obstacle. Steps like POCs and developer training are often missed. Read the full report for insights on role-based perspectives and secure AI tool adoption strategies.
-
Guide to developing Kubernetes security
By: Palo Alto Networks
Type: White Paper
Securing Kubernetes requires a multipronged approach that addresses the risks that exist across the various layers of Kubernetes. This guide looks at the unique considerations Kubernetes presents for cloud native application security, looking at how you can build on top of its built-in security to embrace DevSecOps. Read on to learn more.
-
4 requirements for protecting your hybrid infrastructure
By: Palo Alto Networks
Type: White Paper
Hybrid infrastructures are under attack, warns Palo Alto Networks in this white paper. To deepen your understanding of the state of hybrid security, and to discover how you can augment your security posture, tap into the 13-page paper.
-
Computer Weekly – 6 February 2018: How a digital workplace can drive innovation
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week's Computer Weekly, we look at some of the latest tools for the digital workplace and find out how they can improve collaboration and innovation. We ask what lessons the demise of Carillion has for IT outsourcing. And the CIO of retailer River Island tells us how technology is changing the high street in fashion. Read the issue now.
-
The benefits of runtime application self-protection
By: Contrast Security
Type: Product Overview
Traditional application security solutions lack visibility into runtime vulnerabilities, leading to ineffective threat detection and high false positives. Contrast Protect runtime application self-protection (RASP) provides accurate, embedded protection that reduces operational burden on security teams. Read the solution brief to learn more.
-
Top 10 CI/CD security risks you can't ignore
By: Palo Alto Networks
Type: eBook
Pipelines open new attack surfaces if not secured properly. In this 42-page eBook, learn key strategies to lock down your CI/CD environments and processes to avoid data breaches, compromised infrastructure, and failed audits.
-
Computer Weekly – 30 January 2024: Tech companies warn EU over encryption plans
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week's Computer Weekly, tech companies are calling on the European Commission to rethink plans to weaken internet encryption – we explore the issues. We talk to credit rating agency Moody's about why it thinks now is the time to invest in quantum computing. Read the issue now.
-
3 simple steps for stopping ransomware attacks
By: Illumio
Type: White Paper
Ransomware exploits the trends that have come to define modern business, taking advantage of the many entry points within today’s digital environments. This white paper aims to help you overcome the threat of ransomware, providing 3 simple steps you can use to increase your security capabilities. Download the white paper now to learn more.
-
Bitcoin, App Security, and Oracle's Controversial Licensing Policies
By: TechTarget ComputerWeekly.com
Type: Ezine
Discover how blockchain, the tech behind bitcoin, is extending its reach beyond financial services into new industries. Also learn from developers about the pros and cons of componentizing application software, examine what a recent court case shows about Oracle's licensing policies, and more.
-
Zero Trust at Scale: A Look Inside Cisco’s Zero Trust Integration Model
By: Cisco DUO
Type: White Paper
In this guide, you will learn why Cisco invested in Zero Trust when remote work initially gained foothold, how Cisco Zero Trust facilitates stakeholder engagement and buy-in, and more.
-
Discover 5 time-saving cloud security hacks that can save 500 hours
By: Accenture
Type: eBook
This eBook explores innovative strategies to enhance cloud security, focusing on efficiency and productivity. Prisma Cloud offers a comprehensive approach, streamlining operations and providing risk assessments. Learn how to save time and secure your cloud environment by reading the full eBook.
-
Powerful DDoS attacks leveraging IoT
By: Arbor Networks
Type: eGuide
A series of potent, record-setting DDoS attacks hit several targets in 2016 using IoT malware to infect and leverage a large number of internet connect devices. Inside this guide, experts reveal 11 key takeaways for this type of attack and real-world examples of companies suffering from the aftermath including Dyn.
-
Securing software resellers & small businesses
By: Gen Digital
Type: White Paper
With limited resources, resellers and other small businesses are by no means immune and are in fact uniquely at risk of serious cyberattacks. Download this white paper to unlock 5 key best practices you can use to secure your organization
-
Software supply chain security & the SOC: End-to-end security is key
By: ReversingLabs
Type: eBook
Check out this report to learn how a modern software security assurance strategy can bring the SOC into the loop of continuous integration/continuous deployment (CI/CD) software development and release cycles. In addition, the report outlines comprehensive software supply chain security best practices.