Time is of the essence for application security — the sooner IT teams can detect potential attacks and the longer it takes cybercriminals to crack app code, the better your business outcomes.
But with hackers adapting to overcome infosec efforts and new software vulnerabilities constantly emerging, how do companies gain more time — and give hackers less time — across their application stack?
It all starts with a change in direction: Security needs to shift left.
Hotel chain Marriott International isn’t having a good week: As reported by The New York Times, the company announced that its reservation database for Starwood-branded properties had been hacked. The numbers aren’t great, with initial data suggesting that 500 million guest records have been compromised across records dating back to 2014.
The result? This is a bigger breach than the recent Equifax debacle, catapulting it to a spot on the “biggest breaches of all time” list behind Yahoo’s three billion compromised accounts in 2017. It’s a sobering reminder that even large organizations with substantial security resources still face the specter of data breaches, but it also raises an important question: What (if anything) can companies do to limit their risk of becoming the next hacked-network newsmaker?
Entity Framework is an object-relational mapping (ORM) framework used in Xamarin, WPF, ASP.NET and many other types of .NET applications. It greatly simplifies the code that a developer typically needs to write for database access and querying.
Entity Framework pairs the names of database tables to the names of model types in source code that are used to generate the tables. These names must stay consistent for the application to function properly. This means that when performing renaming obfuscation on these sections of code, we must exclude the model types from renaming.
It’s no longer enough to just make great software. Now, mobile-enabled, always-connected users demand applications capable of meeting them where they are — without sacrificing quality, performance, or protection. This means easy-to-use, intuitive software that’s always available, always secure, and always works, delivered at a fast cadence.
To meet these increasing expectations, third-party tools and solutions continue to be critical for development environments. Companies recognize the need to use a combination of in-house, open-source, and proprietary offerings to deliver competitive software on demand.
At PreEmptive we’re continuously searching for ways to improve our development process, boost productivity, and drive best-of-breed software design. But we’re not selfish — in the spirit of the season, we’re happy to share some of our favorite tools for software development and design.
DashO has support for protecting applications that use Spring Framework Core. Spring can be configured either by custom annotations or XML configuration files, and DashO has support for both. However, applications that use custom annotations require additional handling.
There’s big money in artificial intelligence (AI) — reaching almost $12 billion over the next six years. As noted by research firm McKinsey & Company, companies are now in the process of building out the technology foundation they need for AI deployment, with 45 percent of executives already worried about not investing enough in AI to keep up with the competition. It’s not a baseless fear: The McKinsey research also suggests that AI adoption is following a standard “S-Curve” model, which starts with slow adoption by a limited number of businesses followed by rapid mass adoption as market opportunities increase and then slows again as stragglers are left behind.
Given the wide range of potential applications for AI and the evolution of core intelligence technologies, increased business interest is no surprise. What companies may not be prepared for, however, is the uptick in hacker usage of AI tools and solutions — what happens when attackers flip the AI script?
That was the title of yesterday's congressional briefing organized by ACT | The App Association (in cooperation with the Congressional IP Caucus which is co-chaired by Rep. George Holding, Rep. Adam Smith, & Rep. Hakeem Jeffries).
As is often the case when presenting to a different kind of audience (not software-centric), you’re forced to reorganize your thoughts – here are a few that might be worth sharing.
Attendees were promised the following agenda:
- Learn how rogue apps steal content;
- Understand what access devices are enabling the piracy of content;
- Learn about a range of app piracy methods used to exploit U.S. companies;
- Gain insight into existing industry best practices and enforcement methods for combating IP piracy.
App development now happens at breakneck speeds as companies recognize the need for first-to-market applications that exceed consumer expectations for usability and performance. The root of this rapid release cycle? DevOps — the combination of development and operations teams to deliver best-in-class applications ASAP.
But more apps on the market more quickly means more chances for security issues — as noted by Bank Info Security, 60 percent of all breaches over the last two years started with known software vulnerabilities. Bottom line? DevOps is getting apps out of development, but lack of security is putting them in harm’s way. There are no second chances when it comes to first impressions; users won’t come back if applications expose personal data or become malware distribution drones.
The solution? DevSecOps: Security as a fundamental aspect of application development. Here’s what you need to know.