Application Security

Application Security | News, how-tos, features, reviews, and videos

conference / convention / audience / applause / clapping
programming / coding elements / lines of code / development / developers / teamwork

certification woman on laptop programmer devops data scientist by picjumbo

Backslash AppSec solution targets toxic code flows, threat model automation

New cloud-native solution aims to address time-consuming, manual methods for discovering and mapping application code security risks.

tiktok logo small

UK bans TikTok on government devices over data security fears

The UK has joined international partners in banning social media app TikTok from government electronic devices over concerns the Chinese-owned app could pose a security risk.

programmer devops certification skills code data scientist student by fatos bytyqi unsplash

GitHub begins 2FA rollout for code contributors

GitHub’s 2FA rollout seeks to enhance the security of developer accounts and protect the software supply chain.

leaky faucet by Maarten Van Damme, CC BY 2.0 via Flickr

Hard-coded secrets up 67% as secrets sprawl threatens software supply chain

2022 was a particularly leaky year in relation to secrets, GitGuardian’s latest State of Secrets Sprawl report finds.

shutterstock 1808484295 board meeting security

Open letter demands OWASP overhaul, warns of mass project exodus

The viability of the Open Worldwide Application Security Project for the modern open-source software landscape has been called into question.

USA / United States of America stars + stripes and binary code superimposed over The White House

White House releases an ambitious National Cybersecurity Strategy

The Biden administration's National Cybersecurity Strategy calls for more regulation on critical infrastructure providers and holds software providers accountable for their insecure products.

shutterstock 1748437547 cloud computing cloud architecture edge computing

Gitpod flaw shows cloud-based development environments need security assessments

The quickly fixed flaw could have allowed attackers to take over accounts in the CDE and perform remote code execution.

code programming software bugs cybersecurity

Software liability reform is liable to push us off a cliff

Regulatory mandates for software security like those in the Biden Administration's National Cybersecurity Strategy could cause more problems than they solve.

Profile photo of a developer / programmer reviewing code on monitors in his workspace.

Malicious package flood on PyPI might be sign of new attacks to come

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.

cybersecurity  >  information security / data protection / lock / shield / layers of integration

Cybersecurity startup Oligo debuts with new application security tech

An Israeli startup targets open source code vulnerabilities with advanced agentless filtering technology.

Person holding phone near a laptop while getting two-factor authentication info

Descope launches authentication and user management SaaS

Descope’s first product allows developers to build authentication and user management functions in applications.

kubernetes

Expel announces MDR for Kubernetes with MITRE ATT&CK framework alignment

Expel MDR for Kubernetes addresses three core layers of Kubernetes applications: configuration, control panel, and run-time security.

shutterstock 1808484295 board meeting security

Critical vulnerability patched in Jira Service Management Server and Data Center

Atlassian has issued fixed versions of the software and described a workaround to the flaw that could make access tokens available to attackers.

Profile photo of a developer / programmer reviewing code on monitors in his workspace.

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

The OSC&R Framework aims to help security professionals better understand and measure software supply chain risk.

A multitude of arrows pierce a target. [numerous attacks / quantity / severity]

IoT, connected devices biggest contributors to expanding application attack surface

New report shines light on application security challenges impacting global businesses.

Patch + update options  >  Pixelized tools + refresh symbol with branching paths

9 API security tools on the frontlines of cybersecurity

Top API security tools can help hold the line against modern threats to the important and ubiquitous software development interfaces.

help desk / call center / support network

Perception Point launches Advanced Threat Protection for Zendesk

Perception Point says new platform has been built to help protect vulnerable help desks and customer support teams from external threats such as malicious content within tickets.

ladybugs bugs

CloudSek launches free security tool that helps users win bug bounty

The company claims the tool has already helped users rake in over $70,000 in bug bounties from various software companies.

Load More