Prevention, detection, and response
Today, Microsoft announced Azure DevOps – Loosely, it is TFS and VSTS, with its services broken out into distinct components that can be used together or separately. The Azure DevOps services are Azure Boards, Azure Repos, Azure Pipelines, Azure Test Plans and Azure Artifacts. When Azure DevOps was VSTS and TFS, we supported integration with PreEmptive’s Dotfuscator. Today, none of that changes. As Azure DevOps evolves, we will continue to improve our integration, so that you can easily add multi-layered protection to your valuable apps.
In Mindset shift to a DevSecOps culture, Buck Hodges, Director of Engineering for Visual Studio Team Services, stressed the importance of both preventing breaches and “assuming breaches. ”In essence, prevention only gets you part of the way there. “Assuming a breach” allows for effective incident detection, response and recovery process planning.
The .NET Conference is right around the corner. Make sure to mark your calendar because this virtual three-day developer event is not one you will want to miss. Included will be a wide variety of live sessions for beginners to advanced developers to attend.
Learn to build and the latest techniques for:
The release of Dotfuscator v4.37 yesterday marks the first big step toward a major goal: to modernize our Visual Studio integration. This release is numbered as a "minor" release - because, as always, we work hard to not make breaking changes - but its significance is actually very major.
Our current Visual Studio integration has always been one of the primary user interfaces for Dotfuscator; nearly half of our users use it, or have used it. Of those users, most are quite happy with it. (So we know that changing it is no small undertaking!)
However, there are some users who can't use it, or for whom it doesn't work very well. Notably, users with especially large projects, or complex build configurations, or more-modern projects that have heavy packaging components (including Xamarin and UWP), have all only had the option of our "standalone GUI" and a custom-made build integration.
First, thanks to PreEmptive for inviting me to do a guest post.
Since you're reading this on preemptive.com, you are already aware and probably concerned with the importance of planning for security in application development. And in this guest blog post, I want to address specifically the security vulnerabilities that legacy applications present to your entire organization.
If the Equifax hack wasn't a wakeup call for your entire appsec team, you're probably headed for an earlier retirement than you might otherwise have planned for.
Applications are under siege. As demonstrated by the recent Equifax breach and many others, hackers leveraged everything from compromised mobile apps to cloud-based vulnerabilities. The result? Enterprise IT teams are recognizing that they’re being targeted – particularly their critical apps.
We have just released Dotfuscator Professional 4.31 and it’s available for immediate download (both for clients and as a free evaluation).
Dotfuscator Professional 4.31
- Extends its application protection to new development communities for the very first time.
Garbage in, garbage out is shorthand for “incorrect or poor quality data will always produce faulty results.”
The “garbage data” vulnerability is especially gnarly in that there is actually no fix – no cure.
The only viable development strategy is one of avoidance.
Applications drive corporate success. As noted by Business 2 Community, the average American smartphone owner uses more than 10 apps per day and spends over three hours per day connected to the Internet via their mobile device. The problem? Rapidly-expanding app markets combined with easy-to-find hacker kits make the current environment a cybercriminal’s paradise — according to recent Ponemon data, the average cost of a data breach is around $3.62 million and the size of breaches is trending up. It gets worse: According to Gartner, 99 percent of app vulnerabilities exploited won’t rely on new, sophisticated attack vectors, but existing vulnerabilities that infosec pros have seen in the wild for at least a year.