
A Shift to the Left for Application Security

July 2018
Author: Wibu-Systems

A recent article in SD Times shed light on the trend that more and more aspects of software development are being forced to “shift left” in the development lifecycle: development teams are releasing new software so quickly that the security ops team finds it difficult to keep up. As a result, the responsibilities for creating and enforcing security policies are being shifted back towards the DevOps teams.

Rani Osnat, VP of product marketing at Aqua Security, noted in the article that “because of the speed in which code is updated and delivered, security can no longer be thought of as an afterthought… Operations teams can no longer accept an application as is and plan on securing it once it is deployed in the runtime environment.”

Osnat went on to point out that what’s happening is that “developers are developing more applications faster and delivering code faster than security can catch up to. That’s something where really the only way to address it is not to just give more work to security, but to move some of the burden to the developers in using best practices to secure applications when they are developed.”

From the standpoint of Wibu-Systems, of course, we have devoted ourselves to communicating to ISVs the importance of implementing security-by-design strategies and providing mechanisms to protect software from even the most unscrupulous hackers.

One of the most secure software protection mechanisms that we recommend is a technique we call CodeMoving. In this case, the application code is moved into a dongle (CmDongle) and executed within that safe environment, making it impossible for a hacker to discern anything about the code and its function.

CodeMoving allows the developer to create as many code fragments as desired for execution in the CmDongle. To move the code, the application is encrypted with our AxProtector tool; all functions to be moved are compiled by AxProtector and encrypted within the application. During runtime, the block in question is moved into the CmDongle, decrypted, and executed with the right input parameters. The output parameters are then returned to the application.

An internal CodeMoving-API, which provides AES and SHA cryptographic functions, can be used to increase the protection level. Data can be saved temporarily and used again when the next function is called up. Hidden data can also be accessed, although security dictates that this can only be done within the product item that the code fragment is decrypted with.

Given the expectations and demands for accelerated software development cycles, it is unrealistic to expect ISVs to understand and keep up with state-of-the-art software security practices. That’s why so many developers are turning to security experts like Wibu-Systems to fill that gap. You can read more about the CodeMoving technique and other software licensing and protection mechanisms in our most recent KEYnote magazine.

