WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

{{ moduleLabel }}
{{ label }}

A Shift to the Left for Application Security

MarketingWIBU-SYSTEMS AG on July 11, 2018 at 10:39 AM

A recent article in SD Times gave light to the trend that more and more aspects of software development are being forced to “shift left” in the development lifecycle, meaning that the speed in which development teams are releasing new software is making it difficult for the security ops team to keep up. As a result, the responsibilities for creating and enforcing security policies are being shifted back towards the devops teams.

Rani Osnat, VP of product marketing at Aqua Security, noted in the article that “because of the speed in which code is updated and delivered, security can no longer be thought of as an afterthought… Operations teams can no long accept an application as is and plan on securing it once it is deployed in the runtime environment.”

Osnat went on to point out that what’s happening is that “developers are developing more applications faster and delivering code faster than security can catch up to. That’s something where really the only way to address it is not to just give more work to security, but to move some of the burden to the developers in using best practices to secure applications when they are developed.”

From the standpoint of Wibu-Systems, of course, we have devoted ourselves to communicating to ISVs the importance of implementing security by design strategies and providing mechanisms to protect software from even the most unscrupulous hackers.

One of the most secure software protection mechanisms that we recommend is a technique we call CodeMoving. In this case, the application code is moved into a dongle (CmDongle) and executed within that safe environment, making it impossible for a hacker to discern anything about the code and its function.

CodeMoving allows the developer to create as many code fragments as desired for execution in the CmDongle. To move the code, the application is encrypted with our AxProtector tool; all functions to be moved are compiled by AxProtector and encrypted within the application. During runtime, the block in question is moved into the CmDongle, decrypted, and executed with the right input parameters. The output parameters are then returned back to the application.

An internal CodeMoving-API, which provides AES and SHA cryptographic functions, can be used to increase the protection level. Data can be saved temporarily and used again when the next function is called up. Hidden data can also be accessed, although security dictates that this can only be done within the product item that the code fragment is decrypted with.

Given the expectations and demands for accelerated software development cycles it is unrealistic to expect ISVs to understand and keep up with state-of-the-art software security practices. That’s why so many developers are turning to security experts like Wibu-Systems to fill that gap. You can read more about the CodeMoving technique and other software licensing and protection mechanisms in our most recent KEYnote magazine.

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Katzbergstraße 3, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.