Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Introducing Veracode Risk Manager: A New Chapter in ASPM Built for Scale

Nov 13, 2024 By Derek Maki In Veracode

In a digital world that’s evolving faster than ever, industry landscapes are shifting, and customer needs are becoming more complex. At Veracode, we recognize these fundamental changes in the application security space. That’s why Veracode strategically acquired Longbow Security, now rebranded as Veracode Risk Manager.

Read Post

Veracode

Read more about Introducing Veracode Risk Manager: A New Chapter in ASPM Built for Scale

Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

Nov 13, 2024 By Wallarm In Wallarm

There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast attack surface that’s challenging to defend with traditional methods alone.

Read Post

Wallarm

Read more about Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

Auditing Your Security Program with Roddy Bergeron - Secrets of AppSec Champions Podcast

Nov 12, 2024 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about Auditing Your Security Program with Roddy Bergeron - Secrets of AppSec Champions Podcast

How ASPM boosts visibility to manage application risk

Nov 12, 2024 By Daniel Berman In Snyk

How often are you surprised by a threat or vulnerability from a software asset you never knew existed? For many companies, the answer is, “More often than we’d like.” This is because you can’t protect what you can’t see. Full visibility across the entire software supply chain is a must for AppSec teams, but this comprehensive view across the attack surface can be elusive.

Read Post

Snyk

Read more about How ASPM boosts visibility to manage application risk

Secure Python code faster with Code Sight: Real-time issue detection in Visual Studio | Black Duck

Nov 12, 2024 By Synopsys In Synopsys

Join David Bohannan, an R&D engineer at Black Duck, as he demonstrates using Black Duck's IDE plug-in, Code Sight to run static analysis on Python code within Visual Studio. Watch as Code Sight instantly detects vulnerabilities like OS command injection and cross-site request forgery while code is being written, helping developers fix issues early in the software lifecycle. David will demonstrate how leveraging Coverity's Rapid Scanning engine through Code Sight can allow developers to tackle issues such as secret scanning and ensure hardcoded secrets are flagged before they become risks to applications further downstream.

View Video

Synopsys

Read more about Secure Python code faster with Code Sight: Real-time issue detection in Visual Studio | Black Duck

Jit Open ASPM Platform Overview

Nov 12, 2024 By Jit In Jit

In five minutes, explore Jit's core product capabilities to empower developers to secure everything they code and unify product security risk mitigation.

View Video

Jit

Read more about Jit Open ASPM Platform Overview

The State of SQL Injection

Nov 11, 2024 By Mackenzie Jackson In Aikido

SQL injection (SQLi) has a history that is older than Internet Explorer (which according to Gen Z was the start of civilization). There have been thousands of breaches caused by SQL injection and an endless amount of well-documented best practices and tools to help prevent it. So surely, surely we learned our lesson from these breaches and SQLi is no longer an issue.

Read Post

Aikido

Read more about The State of SQL Injection

OWASP Top 10 LLM is Dead: Here's Why

Nov 11, 2024 By Mend In Mend

The OWASP Top 10 for LLMs is getting an update! But is v2 going to be significantly different from v1? Check out Bar-El Tayouri's take on what's new in v2 and how it impacts hashtag#GenAI security.

View Video

Mend

Read more about OWASP Top 10 LLM is Dead: Here's Why

The 7 Essential Steps for Ensuring Mobile App Security

Nov 8, 2024 By Lookout In Lookout

Mobile devices now account for more than half of all web traffic, and that number seems poised to increase over the next few years. Between the Apple App Store and Google Play Store, there are already more than 5 million applications available — and not all of them are safe. A smart mobile app security strategy can mitigate some of the threats that come from unauthorized, misconfigured, or malicious software.

Read Post

Lookout

Read more about The 7 Essential Steps for Ensuring Mobile App Security

Visma's Security Boost with Aikido: A Conversation with Nikolai Brogaard

Nov 6, 2024 By Michiel Denis In Aikido

"Aikido helps us catch the blind spots in our security that we couldn’t fully address with our existing tools. It’s been a game-changer for us beyond just the SCA (Software Composition Analysis) solutions we originally brought them in for." A little while ago, we shared that Visma chose Aikido Security for its portfolio companies. Recently, we had the pleasure of having Nicolai Brogaard, Service Owner of SAST & SCA over in our Belgian headquarters.

Read Post