A few years ago, REI embarked on its digital transformation and cloud migration journey, moving on-prem development environments to AWS. But, as REI’s development teams began this transition, their security counterparts noticed that application security just wasn’t keeping up. As a result, REI began another journey: identifying the right security tooling and cultural shifts for AppSec success.

Even as the speed of software development increases, security remains a paramount concern. As organizations strive to keep pace with rapid innovation, they grapple with the dual challenge of maintaining agility while ensuring the security of their software products. Enter AppSec on the Move 2024, a pivotal event that promises to shed light on strategies for improving the return on investment (ROI) of application security (AppSec).

Most security tools waste developers’ time. We’re on a mission to fix this. Application Developers aren't paid to care about security. Their performance is measured by the speed at which they can add value to the business through new features or enhancements. This makes traditional security tools a hindrance as they're not built for developers — plus, they're not designed to be helpful.

For security leaders, building a strong working relationship with your CISO often comes down to your ability to provide clear reports and concise risk summaries. Your reports allow CISOs to perform a vital responsibility of their role: translating highly technical security jargon into actionable recommendations that will reduce risk and improve security maturity across the organization. And in the case of a breach or zero-day event, CISOs may be the bearer of bad news.

As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk.

Today, the speed and quality of software delivery are more critical to business success than ever. This highlights the importance of integrating security within the development lifecycle to maintain high velocity. In the ongoing race to extract business value from software and technology, the agility and efficiency of development teams are vital. Static Application Security Testing (SAST) plays a key role in this context, providing a vital tool for secure development.

This is an overview of the CVE-2023-40598 vulnerability, which affects Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1. We will explain the nature of the vulnerability, how it can be exploited, and how it can be fixed. We will also provide code examples, links to web pages with valuable information, and tips on how to prevent similar vulnerabilities in the future.

Many security vendors offer automated detection of cloud applications and services, classifying them into categories and exposing attributes such as security risk, compliance, company status etc. Users can then apply different security measures, including setting firewall, CASB and DLP policies, based on the apps categories and attributes. It makes sense to conclude that the more apps are classified, the merrier. However, such a conclusion must be taken with a grain of salt.

Enterprise cybersecurity must constantly evolve to meet the threat posed by new malware variants and increasingly sophisticated hacker tactics, techniques, and procedures. This need drives the way security professionals categorize different technologies and approaches. The difference between network security and application security is an excellent example. These two components of the enterprise IT environment must be treated separately in any modern cybersecurity framework.