Application Security

Application Security | News, how-tos, features, reviews, and videos

The 15 biggest data breaches of the 21st century

Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory.

NIST’s EO-mandated software security guidelines could be a game-changer

While experts applaud the new security guidance, it's unclear whether software vendors will completely embrace and implement the needed security practices.

Securing CI/CD pipelines: 6 best practices

Criminals are exploiting vulnerabilities in continuous integration/continuous delivery pipelines to steal sensitive information, mine cryptocurrencies, and deliver malicious code.

The CSO guide to top security conferences, 2021

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

12 cybersecurity startups to watch

Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management,...

Securing infrastructure as code: Perils and best practices

Some organizations are leaving themselves vulnerable when they adopt an infrastructure-as-code approach. Here's how to avoid misconfigurations and insecure templates.

NIST defines "critical software" with a broad range of security functions

The goal is to enable stronger security practices for government-purchased software mandated by President Biden's cybersecurity executive order.

Government-mandated SBOMs to throw light on software supply chain security

The US government will soon require vendors to provide a software bill of materials to help ensure the integrity of an application's components.

10 old software bugs that took way too long to squash

As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.

6 most common types of software supply chain attacks explained

Not all software supply chain attacks are the same. Here are the methods attackers currently use to corrupt legitimate software through third parties.

Tailor security training to developers to tackle software supply chain risks

Software developers need specialized security awareness training to help them spot supply chain risk and avoid being victimized by attackers.

How API attacks work, and how to identify and prevent them

Attackers know how to get around WAFs and API gateways when targeting APIs. Here's how some companies are coping with the rapid increase in API attacks.

15 open source GitHub projects for security pros

GitHub has a ton of open-source options for security professionals, with new entries every day. Add these tools to your collection and work smarter.

21 best free security tools

Check out these free, standout software tools that will make your daily security work easier, whether it's pen-testing, OSINT, vulnerability assessment, or more.

7 most common ways to fail at DevSecOps

DevSecOps initiatives are fraught with peril and require careful consideration of culture, learning, process and business needs. Here's how companies tend to fail in those areas.

4 steps to better security hygiene and posture management

Increasing scale and complexity have made keeping up with security hygiene and posture management cumbersome and error prone, leaving organizations exposed. Here's what leading CISOs are doing to close the gap.

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

5 tips for a successful penetration testing program

Proper preparation is key to finding the real weaknesses and vulnerabilities in your network through a pentest. These are the five things you need to do before starting.