InfoQ Homepage Application Security Content on InfoQ
-
Application Security Optimised for Engineering Productivity
Laura Bell Main presented a webinar on 2024 trends in application security. She called out a shift from siloed DevSecOps initiatives to building an understanding of dev friction, and presenting solutions which optimise engineering productivity. Nikki Robinson also recently spoke about the importance of taking a developer experience targeted approach to security platform engineering.
-
Microsoft AI-Driven Security Tool Copilot for Security is Now GA
Microsoft recently announced the general availability of Copilot for Security, a generative Artificial Intelligence (AI) security product designed to help security and IT teams with the capabilities to protect their digital assets.
-
GUAC Joins OpenSSF as Incubating Project
The Graph for Understanding Artifact Composition (GUAC) has joined the Open Source Security Foundation (OpenSSF) as an incubating project. GUAC provides a tool and underlying API to analyse and visualise software bill of materials (SBOM) along with threat intelligence feeds to determine whether vulnerabilities impact an application.
-
AI and FinOps Predicted to Lead Observability Innovation in 2024
In recently published articles, three large observability companies have made predictions for the trends we will see in the observability area in 2024 and beyond. These contributions suggest that the fields of AI Integration, FinOps, OpenTelemetry and Security and Governance will impact observability significantly in the year ahead.
-
OpenSSF Adds Attestations to SBOMs to Validate How Software is Built
The Open Source Security Foundation (OpenSSF) has recently announced SBOMit, a tool designed to bolster Software Bills of Materials (SBOMs) with in-toto attestations. This development, announced under the OpenSSF Security Tooling Working Group, increases transparency and security in the software development process.
-
GitLab Launches Browser-Based Dynamic Application Security Testing (DAST) Scan
GitLab has recently introduced a browser-based Dynamic Application Security Testing (DAST) feature in version 16.4 (or DAST 4.0.9). This development is part of GitLab's ongoing efforts to enhance browser-based DAST by integrating passive checks. The release includes active check-in capabilities.
-
Privacy Engineering at Scale: DoorDash’s Journey in Geomasking and Data Protection
DoorDash recently published how it proactively embeds privacy into its products. It explains the importance of Privacy Engineering, an often overlooked software architecture practice, and provides an example of geomasking users' address data to protect their privacy better.
-
AWS Adds Automated Detection of Unused IAM Roles, Users, and Permissions
AWS recently added support for detecting unused access granted to IAM roles and users within their AWS IAM Access Analyzer tool. The new analyzer can identify unused roles, unused IAM user access keys and passwords, and unused permissions within a defined usage window. This analysis can be done across accounts within the organization and be controlled from a delegated administrator account.
-
Revolutionizing Digital Identity: How Verifiable Credentials Offer a New Era of Privacy and Control
Auth0 recently published an in-depth explanation of Verifiable Credentials (VCs). The article emphasizes the potential of VCs to transform how identities are managed online. It highlights the limitations of current identity systems and how VCs can address these gaps, particularly in allowing identity claims to be disclosed without issuers knowing, thereby enhancing privacy and control for users.
-
AppDeveloperCon Offers Deep Dives into Developer-Focused CNCF Projects
Monday the 6th of November in Chicago Illinois, Application Developer Con was held during the co-located events at KubeCon North America 2023. The full day event focused on cloud native developers and featured talks on CNCF projects (such as OpenFGA, Dapr, TestContainers, and OpenFeature), eventing, patterns like choreography/orchestration, and ways of working in today’s cloud native environments.
-
Cloudflare Turnstile: CAPTCHA Replacement Now GA and Available for Free
Cloudflare recently announced that Turnstile is now generally available and free for everyone. Designed as an alternative to traditional challenge-response tests, Turnstile is a checkbox designed to preserve user privacy, stop bots, and enhance the user experience.
-
AI a “Must-Have” in GitLab’s 2023 Global DevSecOps Report
GitLab has released their 2023 Global DevSecOps AI report, with the key finding that AI and ML use is evolving from a "nice-to-have" to a "must-have". The report shows that 23% of organizations are already using AI in software development, and of those, 60% are using it daily. Furthermore, 65% of respondents said they are using AI and ML for testing now, or would be within the next three years.
-
HashiCorp Vault Secrets Operator for Kubernetes Moves into General Availability
HashiCorp has moved the HashiCorp Vault Secrets Operator for Kubernetes into general availability. This Kubernetes Operator combines Vault's secret management tooling with the Kubernetes Secrets cache. The operator also handles secret rotation and has controllers for the various secret-specific custom resources.
-
NuGet 6.7 Announced with Enhanced Security Features
The NuGet team announced NuGet 6.7, an update that introduces a set of advanced security features. These enhancements span from updated package source mapping to the integration of vulnerability APIs, updated package version dropdowns, and the addition of warning messages to tackle trust chain issues.
-
KSOC Labs Release the First Kubernetes Bill of Materials (KBOMs)
KSOC labs recently announced the release of the first Kubernetes Bill of Materials(KBOMs). KBOM is an open source standard and command-line tool that helps security teams quickly analyze cluster configurations and respond to CVEs. The project includes an initial specification and implementation that works across cloud providers, on-prem, and DIY environments.