Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Weaponizing the Utility of Jenkins Script Consoles

Jenkins misconfigurations can have far-reaching consequences; Cisco Panoptica’s attack surface scanner can detect such misconfigurations. Jenkins is a widely used tool for continuous integration and continuous delivery and deployment (CI/CD). It allows enterprise developers to automate application delivery easily, either through an enterprise-hosted or a third-party hosted Jenkins service.

Release with Trust or Die. Key swampUP 2023 Announcements

Every year, JFrog brings the DevOps community and some of the world’s leading corporations together for the annual swampUP conference, aimed at providing real solutions to developers and development teams in practical ways to prepare us all for what’s coming next.

How ASPM Can Help with Software Supply Chain Security

Application security posture management (ASPM) aims to change the conversation and strategy around software supply chain security. Application portfolios are growing significantly, which is creating headaches for security teams that are responsible for identifying and remediating vulnerabilities flagged in applications. Meanwhile, some of these applications may have been created without IT oversight or awareness, and that only compounds the stress.

Software risk as business risk: The importance of building trusted software | Synopsys

Join us at the Synopsys User Conference 2023 in Bengaluru as we explore the critical link between software risk and business risk. Discover the implications of software vulnerabilities, cybersecurity incidents, and the importance of building trust in your software supply chain. Gain insights into managing business velocity while maintaining secure software development practices. Learn why software security is a top priority in today's rapidly evolving technological landscape and how it impacts your organization's risk management.

Move over Traditional AppSec: Here Comes Application Security Posture Management

A new Rezilion guide examines the growing trend toward the use of Application Security Posture Management (ASPM), which aims to make applications secure and resilient, in turn significantly reducing business risk. The paper explores the business drivers for ASPM, how ASPM works, what ASPM tools are designed to do, and the benefits of using them. One of the big pain points security teams have is a lack of visibility throughout the continuous development and deployment pipeline.

Getting Started with Panoptica on AWS using Kubernetes Goat

In this blog you will learn how to easily secure your microservices apps running on Amazon EKS cluster using Panoptica, Cisco's cloud native application security SaaS service. We use an open source Kubernetes Goat application to see common misconfigurations, real-world vulnerabilities, and security issues in Kubernetes clusters, containers, and cloud native environments.

A CISO's Guide to Cloud Application Security

The following guidelines will help senior stakeholders set strategy to secure modern applications, learning: Applications are the operational mechanism for how a modern enterprise conducts transactions and uses data. Whether internal or customer-facing, apps are critical for your successful business operations. That means securing apps should be a business priority.

7 AppSec tips from Snowflake's Director of Product Security

At this year’s AWS re:Invent, Mic McCully, Field CTO at Snyk, spoke with Jacob Salassi, Director of Product Security at Snowflake. They discussed what it looked like for Snowflake to overcome various security challenges with the right combination of processes, company culture shifts, and tool partners (including Snyk!). Read on to learn about the practices Jacob and his team established to create a successful application security program.