Applications, SDLC and Security - Information Technology Zone

Reimagine application modernisation with the power of generative AI

CIO Business Intelligence

JANUARY 15, 2025

In a global economy where innovators increasingly win big, too many enterprises are stymied by legacy application systems. Maintaining, updating, and patching old systems is a complex challenge that increases the risk of operational downtime and security lapse. The solutionGenAIis also the beneficiary.

Applications

Applications SDLC Agile Enterprise

Weave Security Through Your SDLC from Idea to Maintenance

Tech Republic Security

APRIL 5, 2022

SafeStack Academy’s community-centric Secure Development training gives developers, testers, analysts, and architects the skills they need to build high-quality, secure software at speed. The post Weave Security Through Your SDLC from Idea to Maintenance appeared first on TechRepublic.

SDLC

SDLC Security Course Training

7 types of tech debt that could cripple your business

CIO Business Intelligence

MARCH 25, 2025

After all, a low-risk annoyance in a key application can become a sizable boulder when the app requires modernization to support a digital transformation initiative. Accenture reports that the top three sources of technical debt are enterprise applications, AI, and enterprise architecture.

Architecture

Architecture Devops Open Source Database Administration

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Broadcom launches VMware Tanzu Data Services

Network World

NOVEMBER 5, 2024

VMware Tanzu for MySQL: “The classic web application backend that optimizes transactional data handling for cloud native environments.” VMware Tanzu RabbitMQ: “Secure, real-time message queuing, routing, and streaming for distributed systems, supporting microservices and event-driven architectures.”

Vmware

Vmware Disaster Recovery Data Backup

Getting ahead of cyberattacks with a DevSecOps approach to web application security

CIO Business Intelligence

JUNE 20, 2023

Web applications are foundational to a company’s business and brand identity yet are highly vulnerable to digital attacks and cybercriminals. As such, it’s vital to have a robust and forward-leaning approach to web application security. What is DevSecOps? According to IBM , a single data breach costs $9.4

Applications

Applications Security SDLC Devops

Aptori Now on Google Cloud Marketplace for AI-Powered Security and Automated Risk Remediation

CIO Business Intelligence

MARCH 12, 2025

Aptori , a leader in AI-driven application security, today announced the launch of its AI-driven AppSec Platform on Google Cloud Marketplace as part of graduating from Google Clouds ISV Startup Springboard program. The result is deeper coverage and more precise security insights.

Google

Google Security Cloud SDLC

Scaling security: How to build security into the entire development pipeline

CIO Business Intelligence

OCTOBER 31, 2023

When an application is finally ready for deployment, the last thing the development team wants to hear is: “Stop! There’s a security issue.” And then, after months of painstaking work, their application launch is delayed even further.

Security

Security Development How To SDLC

Jeremiah Grossman: Focus on ransomware, SDLC, and endpoints

Network World

JULY 1, 2016

With so many elements in information security -- application, network infrastructure, the endpoint, perimeter defenses, and data-centric approaches -- it's easy to fall in the trap of touting one as more important than the other. That overlap is most evident with application and endpoint security.

SDLC

SDLC Fractional CTO Information Security CTO

Beyond DevSecOps: Why fintech companies need to consider DevSecRegOps

CIO Business Intelligence

OCTOBER 31, 2023

DevSecOps refers to development, security, and operations. As a practice, DevSecOps is a way to engrain practices in your SDLC that ensures security becomes a shared responsibility throughout the IT lifecycle. Visit Discover Technology to learn how Discover developers approach application development.

Company

Company SDLC Meeting Banking

Need for Speed Drives Security-as-a-Service

CIO Business Intelligence

JULY 6, 2023

Threats are emerging at a speed that makes it difficult for internal security practitioners to keep pace. There are zero-day attacks that exploit vulnerabilities before security teams are even aware of them. DDoS attacks that target networks, applications, and APIs can seemingly come out of nowhere. And SECaaS gives you that.”

Security

Security SDLC Survey Software Development

What executives should know about CNAPP

CIO Business Intelligence

AUGUST 9, 2023

First termed in the Gartner Hype Cycle for Cloud Security, 2021, a cloud-native application protection platform (CNAPP) is, as the name implies, a platform approach for securing applications that are cloud-native across the span of the software development lifecycle (SDLC) of the applications.

SDLC

SDLC Agile Cloud Applications

The hidden cost of insecure code: More than just data breaches

CIO Business Intelligence

AUGUST 26, 2024

By quantifying the slow drain of technical debt, we make the case for incorporating better code security from day one. Costs climb rapidly as you audit code, roll out security patches, reset user credentials across environments, and potentially notify parties impacted by lost data. Lost productivity and frustration ensue.

Data

Data Engineering Security SDLC

Cider Security launches application security platform

Venture Beat

MARCH 7, 2022

Cider Security aims to help users gain transparency over the software development life cycle (SDLC) from code development to deployment, while identifying risks in the environment and receiving recommendations on how to improve its overall security posture. Read More.

SDLC

SDLC Security Applications Software Development

What Executives Should Know About Shift-Left Security

CIO Business Intelligence

FEBRUARY 24, 2023

By Zachary Malone, SE Academy Manager at Palo Alto Networks The term “shift left” is a reference to the Software Development Lifecycle (SDLC) that describes the phases of the process developers follow to create an application. How did the term shift-left security originate? Why is shift-left security important in cybersecurity?

Security

Security SDLC Applications Development

When least privilege is the most important thing

CIO Business Intelligence

NOVEMBER 2, 2023

In the ever-evolving realm of information security, the principle of Least Privilege stands out as the cornerstone of safeguarding sensitive data. Organizations that follow the principle of least privilege can improve their security posture by significantly reducing their attack surface and risk of malware spread. Within a ZTNA 2.0

Backup

Backup Information Security Security Cloud

Cider Security launches application security platform

Venture Beat

MARCH 8, 2022

Cider Security aims to help users gain transparency over the software development life cycle (SDLC) from code development to deployment, while identifying risks in the environment and receiving recommendations on how to improve its overall security posture. Read More.

SDLC

SDLC Security Applications Software Development

What Are Security Guardrails? Why Do They Matter to Your AppSec Program?

SecureWorld News

MAY 19, 2022

The wide adoption of cloud-native applications and infrastructure has propelled DevOps and a self-service culture enabling developers to go from code to cloud in hours. Security teams are entirely unprepared to govern and secure the modern SDLC in this agile world. What are security guardrails?

SDLC

SDLC Security Programming Devops

3 ways CIOs are leading the way to an AI-enabled enterprise

CIO Business Intelligence

SEPTEMBER 6, 2024

Drive AI into IT delivery by accelerating adoption within your function to boost productivity and champion change.

Enterprise

Enterprise Enterprise SDLC Budget

Can Application Security Testing Be Fixed?

ForAllSecure

SEPTEMBER 15, 2021

Shoenfield -- Author, Passionate Security Architect, and Curious Questioner of Assumptions -- challenged whether application security can be fixed at FuzzCon 2021. Listed below are the top 3 takeaways from Shoenfield’s keynote presentation: Myth: SAST Is The Answer To Application Security.

Applications

Applications Security SDLC Analysis

How Fuzzing Redefines Application Security

ForAllSecure

JULY 8, 2021

The application security testing market is highly fragmented. From SAST to DAST to SCA to IAST to RASP, the current state of the market is a byproduct of various assertions on what is believed to be the best way to address application security testing. Our answer? Why Fuzzing Is the Answer. But things have changed.

Applications

Applications Security Analysis SDLC

Lord of the Metrics

A CIO's Voice

OCTOBER 18, 2010

In order to meet this requirement IT must provide the following services while managing costs and prioritizing requests to optimize value: Operate and support the infrastructure required to process, store, secure, and communicate information. Operate and support the business applications that process information.

SDLC

SDLC WAN Budget Trends

Phishing Email Subject Lines that End-Users Find Irresistible

SecureWorld News

JULY 7, 2020

Recently, Chef commissioned a survey of security professionals in order to provide greater insight into what security leaders are most concerned with and how collaboration with I&O (Infrastructure & Operations) is needed within enterprise-sized organizations. How important is DevSecOps in the SDLC?

SDLC

SDLC Survey Software Development Security

How SAST and Mayhem Work Together for Comprehensive Application Security Testing

ForAllSecure

DECEMBER 20, 2022

Software application vulnerabilities fall into three different risk categories : Known Known : Known Knowns are identifiable risks that are known to lead to compromise. Static Application Security Testing (SAST), or static analysis tools uncover bugs by analyzing source code. SAST is best used during the SDLC development phase.

Applications

Applications SDLC Security Software

5 Ways to Prevent Secret Sprawl

SecureWorld News

AUGUST 30, 2021

In the software development life cycle (SDLC), 85% of leaking secrets come from developers sharing information on public personal accounts. This goes to show just how important it is to have the proper training, procedures, and tools in place when it comes to combatting secret sprawl and leaks in your SDLC. Use short-lived credentials.

SDLC

SDLC Software Development Software Software

Challenging ROI Myths Of Static Application Security Testing (SAST)

ForAllSecure

JUNE 23, 2020

There are several benefits for using Static Analysis Security Testing (SAST) for your software security. Waste : How much of this developer effort will eventually be wasted due to FPs with no measurable improvement in the security of an application? Compliance however is not security. Another approach is required.

Applications

Applications Security Analysis Software

The DevSecOps Lifecycle: How to Automate Security in Software Development

ForAllSecure

MAY 2, 2023

Historically, security has been bolted on at the end of the development cycle, often resulting in software riddled with vulnerabilities. This leaves the door open for security breaches that can lead to serious financial and reputational damage. Develop During the development phase, development teams both build and test the application.

Software Development

Software Development Software Software Development

Measuring CIO Performance

A CIO's Voice

NOVEMBER 2, 2010

Application Management. Application Management. Various business critical applications. GOAL – Application is the latest version. Application development to support business goals. Infrastructure & software security. GOAL – Maintain adequate security across environment to ensure data is protected.

Training

Training Budget Meeting Policies

Safeguarding Ethical Development in ChatGPT and Other LLMs

SecureWorld News

AUGUST 7, 2023

This first installment is "Safeguarding Ethical Development in ChatGPT and Other LLMs through a Comprehensive Approach: Integrating Security, Psychological Considerations, and Governance." Three key elements require our attention: security measures, psychological considerations, and governance strategies.

Development

Development SDLC Security Tools

Your AST Guide for the Disenchanted: Part 6

ForAllSecure

NOVEMBER 3, 2020

Generates a bill of materials for applications and the corresponding known vulnerabilities within them. Executes uncommon and unknown attack patterns against applications and monitors for anomalous behaviors. Application State During Testing. SDLC Phase. Software Composition Analysis (SCA). Advanced Fuzz Testing (AFT).

SDLC

SDLC Applications Study Devops

Your AST Guide for the Disenchanted: Part 6

ForAllSecure

NOVEMBER 3, 2020

Generates a bill of materials for applications and the corresponding known vulnerabilities within them. Executes uncommon and unknown attack patterns against applications and monitors for anomalous behaviors. Application State During Testing. SDLC Phase. Software Composition Analysis (SCA). Advanced Fuzz Testing (AFT).

SDLC

SDLC Applications Study Devops

Your AST Guide for the Disenchanted: Part 6

ForAllSecure

NOVEMBER 3, 2020

Generates a bill of materials for applications and the corresponding known vulnerabilities within them. Executes uncommon and unknown attack patterns against applications and monitors for anomalous behaviors. Application State During Testing. SDLC Phase. Software Composition Analysis (SCA). Advanced Fuzz Testing (AFT).

SDLC

SDLC Applications Study Devops

Securing Your APIs

ForAllSecure

OCTOBER 27, 2021

It’s safe to say that APIs are now a critical part of modern application architectures today. In the age of SaaS applications and infrastructure, many architectures are designed around being API-first for managing data ingestion and retrieval. Through our GitHub app, developers can identify repositories as applications to fuzz.

Security

Security Authentication Applications SDLC

Challenging ROI Myths Of Static Application Security Testing (SAST)

ForAllSecure

JUNE 23, 2020

There are several benefits for using Static Analysis Security Testing (SAST) for your software security. Waste : How much of this developer effort will eventually be wasted due to FPs with no measurable improvement in the security of an application? Compliance however is not security. Fuzzing is the next evolution.

Applications

Applications Security Analysis Software

Challenging ROI Myths Of Static Application Security Testing (SAST)

ForAllSecure

JUNE 23, 2020

There are several benefits for using Static Analysis Security Testing (SAST) for your software security. Waste : How much of this developer effort will eventually be wasted due to FPs with no measurable improvement in the security of an application? Compliance however is not security. Fuzzing is the next evolution.

Applications

Applications Security Analysis Software

A Guide To Automated Continuous Security Testing

ForAllSecure

JULY 13, 2021

The acceleration of application development has shown no sign of stopping. These forces are driving organizations to go beyond merely identifying common security errors or protecting against common attack techniques. Increasingly complex applications are calling for the need to anticipate, detect, and respond to new threats.

Security

Security SDLC Software Software

The Evolution of Security Testing

ForAllSecure

JULY 27, 2021

Based on these numbers, the average SAST tool is likely to find only 14 percent of the vulnerabilities in an application’s code. Security needs to be part of the development experience. This has given rise to the application security space. You are either secure or insecure, there is no grey area.

Security

Security Applications Development SDLC

Your AST Guide for the Disenchanted: Part 5

ForAllSecure

OCTOBER 20, 2020

They solve intricate problems by writing applications. Although they are talented individuals who possess many skills, they are not security engineers. Writing code and writing secure code require two separate skill sets. Coding works similarly; The applicability of coding rules largely depends on context.

SDLC

SDLC Applications Security Development

Your AST Guide for the Disenchanted: Part 5

ForAllSecure

OCTOBER 20, 2020

They solve intricate problems by writing applications. Although they are talented individuals who possess many skills, they are not security engineers. Writing code and writing secure code require two separate skill sets. Coding works similarly; The applicability of coding rules largely depends on context.

SDLC

SDLC Applications Security Study

Your AST Guide for the Disenchanted: Part 5

ForAllSecure

OCTOBER 20, 2020

They solve intricate problems by writing applications. Although they are talented individuals who possess many skills, they are not security engineers. Writing code and writing secure code require two separate skill sets. Coding works similarly; The applicability of coding rules largely depends on context.

SDLC

SDLC Applications Security Study

3 Reasons Developers Should Shift Left for API Security

ForAllSecure

DECEMBER 6, 2022

Shifting left for API security has many benefits. In order to build API security testing into the development process naturally, use a shift left approach along with an automated API tester, such as Mayhem for API. 3 Reasons Developers Should Shift Left for API Security. What Is Shifting Left?

Development

Development Security SDLC Software

Why Fuzz Testing Is Indispensable: Billy Rios

ForAllSecure

SEPTEMBER 2, 2021

I recently spoke to Gartner on the addition of fuzz testing to their Critical Capabilities for the Application Security Testing Magic Quadrant. He has led security engineering and product security programs at organizations with the most advanced fuzz testing programs, such as Google and Microsoft. This is key.

SDLC

SDLC Programming Applications Security

Your AST Guide for the Disenchanted: Part 4

ForAllSecure

OCTOBER 6, 2020

Developing applications works the same way. With the exponential speed at which applications are proliferating into every aspect of our lives, it comes as no surprise that developers often write code to assemble them. Wide code adoption is often falsely assumed to be secure. Application State During Testing. SDLC Phase.

SDLC

SDLC Analysis Open Source Applications

Your AST Guide for the Disenchanted: Part 4

ForAllSecure

OCTOBER 6, 2020

Developing applications works the same way. With the exponential speed at which applications are proliferating into every aspect of our lives, it comes as no surprise that developers often write code to assemble them. Wide code adoption is often falsely assumed to be secure. Application State During Testing. SDLC Phase.

SDLC

SDLC Analysis Open Source Applications

Your AST Guide for the Disenchanted: Part 4

ForAllSecure

SEPTEMBER 25, 2020

Developing applications works the same way. With the exponential speed at which applications are proliferating into every aspect of our lives, it comes as no surprise that developers often write code to assemble them. Wide code adoption is often falsely assumed to be secure. Application State During Testing. SDLC Phase.

SDLC

SDLC Analysis Open Source Applications

Reimagine application modernisation with the power of generative AI

Weave Security Through Your SDLC from Idea to Maintenance

Webinars

Trending Sources

7 types of tech debt that could cripple your business

Webinars

Broadcom launches VMware Tanzu Data Services

Getting ahead of cyberattacks with a DevSecOps approach to web application security

Aptori Now on Google Cloud Marketplace for AI-Powered Security and Automated Risk Remediation

Scaling security: How to build security into the entire development pipeline

Jeremiah Grossman: Focus on ransomware, SDLC, and endpoints

Beyond DevSecOps: Why fintech companies need to consider DevSecRegOps

Need for Speed Drives Security-as-a-Service

What executives should know about CNAPP

The hidden cost of insecure code: More than just data breaches

Cider Security launches application security platform

What Executives Should Know About Shift-Left Security

When least privilege is the most important thing

Cider Security launches application security platform

What Are Security Guardrails? Why Do They Matter to Your AppSec Program?

3 ways CIOs are leading the way to an AI-enabled enterprise

Can Application Security Testing Be Fixed?

How Fuzzing Redefines Application Security

Lord of the Metrics

Phishing Email Subject Lines that End-Users Find Irresistible

How SAST and Mayhem Work Together for Comprehensive Application Security Testing

5 Ways to Prevent Secret Sprawl

Challenging ROI Myths Of Static Application Security Testing (SAST)

The DevSecOps Lifecycle: How to Automate Security in Software Development

Measuring CIO Performance

Safeguarding Ethical Development in ChatGPT and Other LLMs

Your AST Guide for the Disenchanted: Part 6

Your AST Guide for the Disenchanted: Part 6

Your AST Guide for the Disenchanted: Part 6

Securing Your APIs

Challenging ROI Myths Of Static Application Security Testing (SAST)

Challenging ROI Myths Of Static Application Security Testing (SAST)

A Guide To Automated Continuous Security Testing

The Evolution of Security Testing

Your AST Guide for the Disenchanted: Part 5

Your AST Guide for the Disenchanted: Part 5

Your AST Guide for the Disenchanted: Part 5

3 Reasons Developers Should Shift Left for API Security

Why Fuzz Testing Is Indispensable: Billy Rios

Your AST Guide for the Disenchanted: Part 4

Your AST Guide for the Disenchanted: Part 4

Your AST Guide for the Disenchanted: Part 4

Stay Connected