Microservices have refashioned the way modern apps are developed. Previously, monolithic architecture was used for app development. A monolithic app is made from a single unit with three parts: a database, a client-side UI that runs on the user’s system or browser, and a server-side app. But in microservices, an app consists of multiple units. Each of these units runs alone and connects via APIs.
With the advancement of web technologies, there are many new ways to create dynamic websites. But we are also facing a growing rate of cyber threats. We can see that even the most reputed companies are falling prey to cyberattacks. For instance, bots are now spreading across the internet like wildfire. In fact, they constitute a major portion of web traffic. Now, some bots help businesses improve their presence. On the other hand, there are some bad bots that are a threat to a company.
Cybersecurity has become an increasingly trending topic for anyone in the technology space. With millions of attacks happening every day, people have started focusing on security more than ever before. The development, QA, and internal security teams do their best to secure their products. But it’s hard to catch everything internally, and there’s no harm in getting another opinion.
Although the security community has been aware of server-side request forgeries (SSRF) for a while, it’s only since the Capital One breach that they hit mainstream awareness. However, most of the public documentation following the breach focused on the attacking side of the equation (i.e. how to trigger and exploit an SSRF vulnerability) rather than on how to defend against SSRF exploits.
We’ve been working hard at Sqreen to make our protection transparent and frictionless. We recently released Sqreen for Go, which detects and blocks security issues inside Go applications without requiring any code modification. To make this possible, we leverage dynamic instrumentation to insert additional security logic into the program’s behavior at run time.
At B2B Rocks 2019, I took part in a panel discussion titled “How to Shape the Most Reliable and Secure Tech.” We had an interesting talk about how B2B companies can improve security, particularly around doing so as they scale up. I’ve been thinking about our conversation recently, as the day-to-day has shifted for people all over the world, so I wanted to take a moment to share some of the insights from the talk.
A couple of years ago, there were two major teams that worked on getting software built: the development team and the operations team. The development team created the software, and the operations team provided everything that was required to build the software. Because there were two separate teams involved, software development took more time. DevOps was introduced to make the software development life cycle shorter.
It’s rough out there—hackers, threats, cyber warfare, and more! Everything is happening at the same time, and it feels like cybersecurity awareness is in everybody’s crosshairs. We all know we should improve our security, but figuring out how to prioritize it is a challenge for all of us.
There was a time when applications were built just to complete the task they were required for. But these days, developers often need to focus just as much on how secure the application is. If you’ve written code, it’s likely that you’ve been asked to check for the most common security loopholes and fix them. Almost every large organization has a dedicated QA and security department. Even so, it’s important that you, as a developer, understand the importance of security.
Today is an exciting day for Sqreen. We’re adding a brand new slice to our Application Security Management platform: a security testing solution that helps security and engineering teams better secure their code. Since the beginning, Sqreen’s mission has been to make robust application security available to everyone, with the flexibility, transparency, and depth needed in modern environments. This has been our guiding light behind everything we’ve built.
