programming

George Gerchow, CSO at Sumo Logic: Our DevSecOps strategy
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, their purpose-built, cloud-native service analyzes more than 100 …

Four common API vulnerabilities and how to prevent them
Proper security measures are one of the most important aspects of building an application programming interface, or API. It’s great for an API to connect systems and give …

IT ops and engineering are embracing automation to increase business agility
Based on a survey of nearly 700 engineering and operations individuals globally, a report by Indeni and GNS3 reveals a programming knowledge gap that is having an impact on …

Eavesdropper vulnerability exposes sensitive corporate communications data
Appthority published research on its discovery of the Eavesdropper vulnerability, caused by developers carelessly hard coding their credentials in mobile applications that use …

Node.js security: Are developers confident in the quality of their code?
A NodeSource and Sqreen joint developer survey of nearly 300 CTOs, CIOs and developers revealed that, while the developer community fully understands the risks of operating in …

Secure coding in Java: Bad online advice and confusing APIs
For programmers and software developers, the Internet forums provide a great place to exchange knowledge and seek answers to concrete coding conundrums. Alas, they are not …

How secure are mobile banking apps?
Do banking institutions have a good handle on the things they need to remediate and new control layers they need to adopt to keep users secure? To answer those questions, …

Top-ranked programming Web tutorials introduce vulnerabilities into software
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been …

Rules for secure coding in the C++ programming language
The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. The standard provides rules for secure coding in the C++ …

Redefining the role of security in software development
Software is becoming increasingly important for market success, driving an ever greater need for speed in the development process. The rapid adoption of DevOps is testimony to …

Project Springfield: Cloud-based fuzz testing for uncovering million-dollar bugs
This Moday Microsoft debuted Project Springfield, a cloud-based fuzz testing (aka fuzzing) service that the company has been working on for a quite a while. David Molnar and …

Fresh Bluetooth Developer Toolkit line tackles IoT security, interoperability
The Bluetooth Special Interest Group (SIG) released several updates to its developer toolkit line-up, which enables developers to build smarter when creating things like …
Featured news
Resources
Don't miss
- Why we must go beyond tooling and CVEs to illuminate security blind spots
- Making security and development co-owners of DevSecOps
- Review: Passwork 7.0, self-hosted password manager for business
- What a mature OT security program looks like in practice
- Machine unlearning gets a practical privacy upgrade