Application Security

Application Security | News, how-tos, features, reviews, and videos

programmer abstract code glasses devops certification skills kevin unsplash
Feature

How chaos engineering can help DevSecOps teams find vulnerabilities

Hands are stacked together in unity and trust. [colleagues / teamwork / collaboration]
News Analysis

Tech sector embraces public-private collaboration on open-source software security

hot and cold fire and ice clash temperature
Feature

7 hot cybersecurity trends (and 2 going cold)

Is that security trend hot or not? From tools and technologies to threats and tactics, the numbers don't lie.

conference / convention / audience / applause / clapping
Feature

The CSO guide to top security conferences, 2022

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

iot security startups hot highlights planets rocket lock security
Feature

18 cybersecurity startups to watch

Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management,...

USA / United States of America stars + stripes and binary code superimposed over The White House
News Analysis

NIST gears up for software security and IoT labeling pilot programs

Intended to help consumer make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.

Abstract Java code
News

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it.

noops devops automated developers ai code by andrey suslov
News Analysis

NIST workshop provides clues to upcoming software supply chain security guidelines

Experts at a NIST-sponsored workshop weigh in on what might be in the final version of the Biden executive-order-mandated supply chain security guidelines.

female developer programmer devops next generation it staff
Feature

Software composition analysis explained, and how it identifies open-source software risks

SCA tools give insight into open-source software components and the vulnerabilities they have.

Conceptual image of a password amid hexadecimal code.
Feature

4 tools to prevent leaks in public code repositories

Use these tools to find your company's exposed secrets in repositories such as GitLab, GitHub, or Google Cloud Build before attackers do.

programmer developer devops apps developer code hacker dark secrets by peopleimages getty
Feature

How software reliability can help drive software security

Adopting both devsecops and site reliability engineering concepts increases software availability and security by improving stability and shortening time to implement fixes.

noops code developer devops html web developer by mazimusnd getty
Feature

NIST's new devsecops guidance to aid transition to cloud-native apps

The NIST guidance dives into technical and procedural nuances associated with implementing devsecops with cloud-native applications and microservices architectures.

A magnifying lens examines top secret information amid binary code.
Feature

How corporate data and secrets leak from GitHub repositories

Attackers constantly search public code repositories like GitHub for secrets developers might inadvertently leave behind, and any tiny mistake can be exploited.

programmer developer devops apps developer code hacker dark secrets by peopleimages getty
Feature

10 top API security testing tools

Application programming interfaces have become a favorite target for attackers. These tools and platforms (both commercial and open source) will help identify errors, vulnerabilities, and excessive permissions.

USA / United States of America stars + stripes and binary code superimposed over The White House
News Analysis

Software cybersecurity labels face practical, cost challenges

The federal government wants consumer software to have cybersecurity labels; experts question the feasibility of the mandate.

software development / application testing / planning / flow chart / diagram
Opinion

The case for a SaaS bill of material

A SaaSBOM will provide greater visibility into the components of cloud-based software infrastructure. This proposal shows how to begin to develop one.

Data Security
Feature

Java deserialization vulnerabilities explained and how to defend against them

Java provides a means to conveniently serialize data to maintain its integrity as it's sent over a network. Attackers can exploit vulnerabilities in the deserialization process if there aren't safeguards in place.

blind spot side view mirror car vehicle
News

Security blind spots persist as companies cross-breed security with devops

As devops matures into devsecops, cultural obstacles continue to exert drag.

container ship storage transport colorful containers diversity outsourcing
Feature

Kubernetes hardening: Drilling down on the NSA/CISA guidance

The new guidance gives a solid foundation for hardening Kubernetes container environments. These are its key components and why they are important.

mobile security login password
Feature

5 riskiest mobile apps

Unsanctioned applications on corporate mobile devices is a security headache. Here are the five types of apps CISOs never want to find on corporate mobile devices, with strategies for mitigating the risks they pose.

Load More