One Article Review

Source Veracode
Identifier 2683638
Publication date 2021-04-23 09:34:12 (seen: 2021-04-23 14:05:31)
Title Reporting Live From Collision Conference 2021: Part Two!
Text If you caught part one of our recap series on this year's Collision conference, you know we covered a roundtable talk hosted by Veracode's own Chris Wysopal. The talk focused on the risks of AI and machine learning, delving into discussions of how to manage the security aspects of these future-ready technologies, especially when it comes down to consumer privacy.

Chris also had the opportunity to host a session of his own, covering the critical aspects of modern application security and the reasons that organizations need to get serious about security-minded approaches to their code. Here's what we learned.

Secure from the top down

Chris began his session Secure From the Top Down by noting that, today, it's important to think about application and product security through the eyes of the developer or the builder. With so many applications running in the cloud and so many devices connected to the Internet of Things (IoT), Chris pointed out that the attack surface for threat actors is growing exponentially and that everyone building and deploying technology needs to consider the risks moving forward. Connected devices are everywhere, Chris said, but they're not typically behind a firewall. Normally, these devices are connected to 5G or Wi-Fi. According to Chris, this means devices essentially need to secure themselves and all of the connection points where they talk to other devices or they pose a security risk.

Further, everything is connected through APIs today. "We used to have big, monolithic software packages with one big block of code," Chris said. "Today, we have a lot of small devices; even with applications running in the cloud, they're built with microservices and are talking to each other through APIs." This is a way an attacker can exploit a device or an application, and means the builders of today need to improve the security around their APIs for a more secure tomorrow.

It's already a problem; Chris pointed out in his session that, according to the 2020 Verizon Data Breach Investigations Report, 43 percent of breaches come from single page applications. Developers working on building these single page apps need to be more considerate with their security.

Looking ahead at trends

Time is the biggest competitor for most organizations, according to Chris, and there are three main trends that are going to impact product security moving forward: ubiquitous connectivity, abstraction and componentization, and hyperautomation of software delivery.

Ubiquitous connectivity

While this involves the rise of APIs and IoT devices, what it really comes down to is that each piece of software connected through the network and APIs must think about securing itself. "Each code that is exposing an API needs to think about how it will authenticate, encrypt, and secure itself from all
Sent Yes
Tags Data Breach Threat Patching


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.