Everyone can agree that application programming interface (API) security is important, but whose responsibility is it? Many organizations don't have a clear answer — and this presents a major opportunity for developers to step up into an important new role: API champion ...

The field of cloud native development is rapidly evolving, but during this shift to modern environments such as Kubernetes, many DevOps teams are putting security on the back burner in a rush to move to cloud native environments. This is opening the door to a wide array of new security risks and numerous opportunities for unscrupulous cybercriminals — and machine identities are a prime example of this ...

The acceleration of digital transformation and subsequent rise in API, containerization, and multi-cloud deployments are creating a dynamic attack surface that's growing increasingly complex. Maintaining visibility to keep track of new, changed, unmanaged, or insecure APIs grows increasingly difficult ...

For years, mainframe systems have served as the bedrock of enterprise networks, standing unmatched in terms of reliability, scalability, and data protection. But with emerging practices like DevOps, the rise of open-source, and the move to hybrid cloud models, security risks have become a pressing concern. With constantly changing rules and shifts in how software is developed and used, it's more important than ever to focus on mainframe security ...

DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact development and application security in 2024: AI will play a significant role in generating code, allowing for faster development with fewer human resources. But as code inevitably becomes more like open-source software, AI-generated vulnerabilities will become a bigger concern ...

In Episode 44 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA present Security 101 Basics: how to get started on a cybersecurity career ...

If the use of AI is consigned to code generation, organizations may miss some of the most transformative opportunities for AI in software development. Let's walk through three ways to use AI in your DevSecOps workflows for faster cycle times and accelerated value stream delivery: predictive analytics, code testing and review, and security vulnerability detection ...

While developers are facing internal pressure to build next-generation applications at astronomical speed, security teams are wrangling with an increasingly volatile cyber threat landscape, growing consumer concerns for applications built to secure their data, and the broad surface of threats they have to cover along with API security ... In most instances, the roadblocks faced by both teams comes down to a lack of clear communication and the absence of workflow policies and procedures, which often prove detrimental.So how can organizations start to bridge this gap and enable these teams to perform together at the highest level? ...

Lines of code bridge the gap between digital worlds, enabling seamless data sharing and functionality between different software systems. With this heightened interconnectivity, API security becomes paramount to protect sensitive data and ensure the integrity of digital services. While OAuth has been a widely adopted protocol for API security, it's essential to recognize that it alone may not suffice to address all security challenges. In fact, there are many limitations of OAuth and other advanced security measures to bolster API security ...

In Episode 40 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the latest court ruling about the Apple and Google App Stores ...

In Episode 38 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the security implications of the latest Apple iOS NameDrop feature ..