Application Security

Application Security | News, how-tos, features, reviews, and videos

conference / convention / audience / applause / clapping
API security alert / software development / application flow chart diagram

post 11 image foundational cloud security with cis benchmarks

Lacework releases cloud-native application security service

The cloud native application protection platform (CNAPP) capability for Lacework’s Polygraph Data Platform offers snapshot analysis of potential attack paths and insights into application workloads.

programmer certification skills code devops glasses student by kevin unsplash

GitHub releases new SDLC security features including private vulnerability reporting

GitHub also announces CodeQL support for Ruby programming language and coverage/risk overviews to help users secure the software development lifecycle.

noops code developer devops html web developer by mazimusnd getty

Rezilion expands SBOM to support Windows environments

Organizations can now apply Rezilion’s SBOM to Windows environments to manage software vulnerabilities and meet regulatory standards.

lock circuit board bullet hole computer security breach

The 15 biggest data breaches of the 21st century

Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory.

cloud computing / cloud network

Qualys previews TotalCloud FlexScan for multicloud security management

Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.

Digital bugs amid binary code. [security threats / malware / breach / hack / attack]

Azul detects Java vulnerabilities in production apps

Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.

protective shield / binary code / COVID-19 coronavirus morphology

The OSPO – the front line for secure open-source software supply chain governance

An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...

skull and crossbones in binary code

Supply chain attacks increased over 600% this year and companies are falling behind

Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.

programmer certification skills developer devops data scientist laptop by brayden george unsplash

GitGuardian adds IaC scanning to code security platform to protect SDLC

Vendor says new infrastructure-as-code (IaC) scanning features will help teams develop and run secure code as software development and supply chain security continues to be high on the agenda.

Digital bugs amid binary code. [security threats / malware / breach / hack / attack]

11 old software bugs that took way too long to squash

As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.

teamwork / developers / programmers / collaboration / conversation, discussion, gesturing

Enterprises embrace devsecops practices against supply chain attacks

Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...

Profile photo of a developer / programmer reviewing code on monitors in his workspace.

Palo Alto adds software composition analysis to Prisma Cloud to boost open-source security

Palo Alto Networks has added a new SCA solution to Prisma Cloud to help developers safely use open-source software components. The vendor has also introduced a software bill of materials.

SAP sign

Most common SAP vulnerabilities attackers try to exploit

Unpatched systems, misconfigurations and vulnerable custom code are making SAP environments a top target for cyberattacks.

Application security  >  Software code + data protected with a lock

US OMB releases guidance on federal agency software security requirements

The guidance aims to improve the security of software federal agencies use, but expects self-attestation for compliance.

software development / application testing / planning / flow chart / diagram

U.S. government issues guidance for developers to secure the software supply chain: Key takeaways

The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide to focus on the software development lifecycle.

Two developers collaborate on a project as they review code on a display in their workspace.

AutoRabit launches devsecops tool for Salesforce environments

CodeScan Shield comes with a new module, OrgScan, which governs organizational policies by enforcing the security and compliance rules mandated for Salesforce environments.

Abstract Java code

8 notable open-source security initiatives of 2022

Vendors, collectives and governments are contributing to improve the security of open-source code, software, and development amid organizations’ increasing use of open-source resources.

certification programmer binary laptop devops by pixabay

OpenSSF releases npm best practices to help developers tackle open-source dependency risks

The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies.

Load More
You Might Also Like