Application Security
Backslash AppSec solution targets toxic code flows, threat model automation
New cloud-native solution aims to address time-consuming, manual methods for discovering and mapping application code security risks.
UK bans TikTok on government devices over data security fears
The UK has joined international partners in banning social media app TikTok from government electronic devices over concerns the Chinese-owned app could pose a security risk.
GitHub begins 2FA rollout for code contributors
GitHub’s 2FA rollout seeks to enhance the security of developer accounts and protect the software supply chain.
Hard-coded secrets up 67% as secrets sprawl threatens software supply chain
2022 was a particularly leaky year in relation to secrets, GitGuardian’s latest State of Secrets Sprawl report finds.
Open letter demands OWASP overhaul, warns of mass project exodus
The viability of the Open Worldwide Application Security Project for the modern open-source software landscape has been called into question.
White House releases an ambitious National Cybersecurity Strategy
The Biden administration's National Cybersecurity Strategy calls for more regulation on critical infrastructure providers and holds software providers accountable for their insecure products.
Gitpod flaw shows cloud-based development environments need security assessments
The quickly fixed flaw could have allowed attackers to take over accounts in the CDE and perform remote code execution.
Software liability reform is liable to push us off a cliff
Regulatory mandates for software security like those in the Biden Administration's National Cybersecurity Strategy could cause more problems than they solve.
Malicious package flood on PyPI might be sign of new attacks to come
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.
Cybersecurity startup Oligo debuts with new application security tech
An Israeli startup targets open source code vulnerabilities with advanced agentless filtering technology.
Descope launches authentication and user management SaaS
Descope’s first product allows developers to build authentication and user management functions in applications.
Expel announces MDR for Kubernetes with MITRE ATT&CK framework alignment
Expel MDR for Kubernetes addresses three core layers of Kubernetes applications: configuration, control panel, and run-time security.
Critical vulnerability patched in Jira Service Management Server and Data Center
Atlassian has issued fixed versions of the software and described a workaround to the flaw that could make access tokens available to attackers.
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs
The OSC&R Framework aims to help security professionals better understand and measure software supply chain risk.
IoT, connected devices biggest contributors to expanding application attack surface
New report shines light on application security challenges impacting global businesses.
9 API security tools on the frontlines of cybersecurity
Top API security tools can help hold the line against modern threats to the important and ubiquitous software development interfaces.
Perception Point launches Advanced Threat Protection for Zendesk
Perception Point says new platform has been built to help protect vulnerable help desks and customer support teams from external threats such as malicious content within tickets.
CloudSek launches free security tool that helps users win bug bounty
The company claims the tool has already helped users rake in over $70,000 in bug bounties from various software companies.