Application Security

Application Security | News, how-tos, features, reviews, and videos

10 top API security testing tools

Application programming interfaces have become a favorite target for attackers. These tools and platforms (both commercial and open source) will help identify errors, vulnerabilities, and excessive permissions.

Software cybersecurity labels face practical, cost challenges

The federal government wants consumer software to have cybersecurity labels; experts question the feasibility of the mandate.

The case for a SaaS bill of material

A SaaSBOM will provide greater visibility into the components of cloud-based software infrastructure. This proposal shows how to begin to develop one.

18 cybersecurity startups to watch

Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management,...

Data Security

Java deserialization vulnerabilities explained and how to defend against them

Java provides a means to conveniently serialize data to maintain its integrity as it's sent over a network. Attackers can exploit vulnerabilities in the deserialization process if there aren't safeguards in place.

Security blind spots persist as companies cross-breed security with devops

As devops matures into devsecops, cultural obstacles continue to exert drag.

Kubernetes hardening: Drilling down on the NSA/CISA guidance

The new guidance gives a solid foundation for hardening Kubernetes container environments. These are its key components and why they are important.

5 riskiest mobile apps

Unsanctioned applications on corporate mobile devices are a security headache. Here are the five types of apps CISOs never want to find on corporate mobile devices, with strategies for mitigating the risks they pose.

Why code reuse is still a security nightmare

Despite best efforts to track software dependencies, blind spots still exist, leading to silent vulnerabilities in software.

The 15 biggest data breaches of the 21st century

Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory.

NIST’s EO-mandated software security guidelines could be a game-changer

While experts applaud the new security guidance, it's unclear whether software vendors will completely embrace and implement the needed security practices.

Securing CI/CD pipelines: 6 best practices

Criminals are exploiting vulnerabilities in continuous integration/continuous delivery pipelines to steal sensitive information, mine cryptocurrencies, and deliver malicious code.

Securing infrastructure as code: Perils and best practices

Some organizations are leaving themselves vulnerable when they adopt an infrastructure-as-code approach. Here's how to avoid misconfigurations and insecure templates.

NIST defines "critical software" with a broad range of security functions

The goal is to enable stronger security practices for government-purchased software mandated by President Biden's cybersecurity executive order.

Government-mandated SBOMs to throw light on software supply chain security

The US government will soon require vendors to provide a software bill of materials to help ensure integrity of an application's components.

10 old software bugs that took way too long to squash

As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.

6 most common types of software supply chain attacks explained

Not all software supply chain attacks are the same. Here are the methods attackers currently use to corrupt legitimate software through third parties.

Tailor security training to developers to tackle software supply chain risks

Software developers need specialized security awareness training to help them spot supply chain risk and avoid being victimized by attackers.
