%term

The latest News and Information on Application Security including monitoring, testing, and open source.

How to Improve Your Security Posture with the Least Effort Using ASPM

Mar 19, 2025 By Elisa Velarde In Veracode

Security posture management has become exponentially more complex for organizations developing and managing a vast ecosystem of applications. Evolving architectures like microservices, hybrid cloud infrastructures, and frequent release cycles introduce constant change and challenges. Amid these growing challenges are the existing security gaps organizations are struggling to address.

Read Post

Veracode

Read more about How to Improve Your Security Posture with the Least Effort Using ASPM

Get the TL;DR: tj-actions/changed-files Supply Chain Attack

Mar 16, 2025 By Mackenzie Jackson In Aikido

The tj-actions/changed-files GitHub Action, which is currently used in over 23,000 repositories, has been compromised, leaking secrets through workflow logs and impacting thousands of CI pipelines. All tagged versions were modified, making tag-based pinning unsafe. Public repositories are at the highest risk, but private repos should also verify their exposure.

Read Post

Aikido

Read more about Get the TL;DR: tj-actions/changed-files Supply Chain Attack

Aptori Now on Google Cloud Marketplace for AI-Powered Security and Automated Risk Remediation

Mar 12, 2025 By Aptori

Aptori's AI-Driven AppSec Platform Proactively Eliminates Vulnerabilities to Minimize Risk and Ensure Compliance.

Read Post

Read more about Aptori Now on Google Cloud Marketplace for AI-Powered Security and Automated Risk Remediation

Scared or Ready: A Pragmatic Way to Approach Security Threats

Mar 12, 2025 By Datadog In Datadog

Security incidents are often making headlines, from ransomware to colossal data leaks. On top of that, making informed security decisions is a challenge in itself, requiring knowledge across product requirements, complex distributed systems, code, architecture, and security. All of which creates a sense of fear, uncertainty, and doubt for those of us who build software. How can we better prepare to respond to potential threats and gain confidence in our security incident response readiness?

View Video

Datadog

Read more about Scared or Ready: A Pragmatic Way to Approach Security Threats

ASPM Buyer's Guide: Find the Right Vendor for Your App Risk Management Needs

Mar 10, 2025 By Natalie Tischler In Veracode

Security teams are overwhelmed. Whether it’s alert overload, a growing backlog of vulnerabilities, or fragmented security data, there’s no finish line in sight. The State of Software Security 2025 report reveals that security debt is rising and flaws times are increasing. Meanwhile, the traditional tools many teams leverage fail to provide the context needed to track risks across the application lifecycle and, importantly, to prioritize them.

Read Post

Veracode

Read more about ASPM Buyer's Guide: Find the Right Vendor for Your App Risk Management Needs

AI Governance in AppSec: The More Things Change, The More They Stay the Same

Mar 7, 2025 By Aurora Starita In Mend

Every hype cycle brings fresh security concerns, and AI is no exception. AI governance might sound like uncharted territory, but it’s really just another evolution of the same security principles AppSec teams have been applying for years. The fundamentals—secure coding, risk management, compliance, and policy enforcement—haven’t changed.

Read Post

Mend

Read more about AI Governance in AppSec: The More Things Change, The More They Stay the Same

Understanding your WAF: How to address common gaps in web application security

Mar 6, 2025 By Emile Spir In Datadog

Web application firewalls (WAFs) are one of the most commonly used tools that organizations deploy to protect their applications at runtime. By monitoring HTTP traffic and filtering out suspicious requests, WAFs act as a protective layer around an application that protects it from certain types of incoming threats. However, WAFs often fall short of expectations.

Read Post

Datadog

Read more about Understanding your WAF: How to address common gaps in web application security

A no-BS Docker security checklist for the vulnerability-minded developer

Mar 6, 2025 By Aikido In Aikido

You want to know the real answer to two questions about Docker security.

Read Post

Aikido

Read more about A no-BS Docker security checklist for the vulnerability-minded developer

Sensing and blocking JavaScript SQL injection attacks

Mar 4, 2025 By Willem Delbare In Aikido

You’ve heard about JavaScript SQL injection attacks before, but you’re not entirely sure what they look like in the wild or if you need to worry about them in the first place. Maybe you’re trying to figure out just how bad it could be. In short, if you’re building apps using SQL databases, like MySQL and PostgreSQL, you’re at risk—you’re not safe from attack methods plaguing developers and their databases for decades.

Read Post

Aikido

Read more about Sensing and blocking JavaScript SQL injection attacks

Best DevSecOps Tools for Application Security in 2025

Feb 20, 2025 By Rucha Wele In Appknox

Building secure applications is about more than just adding security features at the end of the development process. It’s about addressing vulnerabilities and threats as they arise and improving security continuously—right from the start. That’s the power of DevSecOps.

Read Post