Four common API vulnerabilities and how to prevent them
Proper security measures are one of the most important aspects of building an application programming interface, or API. It’s great for an API to connect systems and give …
programming
IT ops and engineering are embracing automation to increase business agility
Based on a survey of nearly 700 engineering and operations individuals globally, a report by Indeni and GNS3 reveals a programming knowledge gap that is having an impact on …
Eavesdropper vulnerability exposes sensitive corporate communications data
Appthority published research on its discovery of the Eavesdropper vulnerability, caused by developers carelessly hard coding their credentials in mobile applications that use …
Node.js security: Are developers confident in the quality of their code?
A NodeSource and Sqreen joint developer survey of nearly 300 CTOs, CIOs and developers revealed that, while the developer community fully understands the risks of operating in …
Secure coding in Java: Bad online advice and confusing APIs
For programmers and software developers, the Internet forums provide a great place to exchange knowledge and seek answers to concrete coding conundrums. Alas, they are not …
How secure are mobile banking apps?
Do banking institutions have a good handle on the things they need to remediate and new control layers they need to adopt to keep users secure? To answer those questions, …
Top-ranked programming Web tutorials introduce vulnerabilities into software
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been …
Rules for secure coding in the C++ programming language
The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. The standard provides rules for secure coding in the C++ …
Redefining the role of security in software development
Software is becoming increasingly important for market success, driving an ever greater need for speed in the development process. The rapid adoption of DevOps is testimony to …
Project Springfield: Cloud-based fuzz testing for uncovering million-dollar bugs
This Moday Microsoft debuted Project Springfield, a cloud-based fuzz testing (aka fuzzing) service that the company has been working on for a quite a while. David Molnar and …
Fresh Bluetooth Developer Toolkit line tackles IoT security, interoperability
The Bluetooth Special Interest Group (SIG) released several updates to its developer toolkit line-up, which enables developers to build smarter when creating things like …
Connected devices riddled with badly-coded APIs, poor encryption
The advent of home automation and rapid rise of smart home connected devices is seeing some vendors and new startups scramble to become a part of the movement, with ABI …