Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Install the Veracode IntelliJ Plugin

Mar 6, 2023 By Veracode In Veracode

In this video, you will learn how to install the Veracode IntelliJ Plugin, generate API ID and key credentials in the Veracode platform, and store those credentials in IntelliJ. The Veracode IntelliJ Plugin enables you to upload binaries to the Veracode Platform for static security analysis. You can then review the scan results from within IntelliJ IDEA to identify and mitigate potential security findings in your applications.

View Video

Veracode

Read more about Install the Veracode IntelliJ Plugin

Will Biden's National Cybersecurity Strategy Trigger AppSec Change?

Mar 3, 2023 By Rami Sass In Mend

Every federal administration for the past 20 years has issued a cybersecurity strategy, so in one sense the National Cybersecurity Strategy issued by the Biden administration on March 2, 2023 is not unexpected. The big difference, however, lies in the recommendations: For the first time, the government is pressing for regulatory mandates on key industry sectors that control wide swathes of critical infrastructure nationwide.

Read Post

Mend

Read more about Will Biden's National Cybersecurity Strategy Trigger AppSec Change?

Just Who Exactly Should Take Responsibility for Application Security?

Mar 2, 2023 By Carol Hildebrand In Mend

Recent high-profile software supply chain breaches have sharpened the focus on application security. But as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce the number of vulnerabilities that now routinely make it into production applications. However, real life is a little messier.

Read Post

Mend

Read more about Just Who Exactly Should Take Responsibility for Application Security?

Instantly scalable dynamic application security testing

Mar 1, 2023 By Vishrut Iyengar In Synopsys

Reduce complexity, increase scalability, and improve cost-efficiency while providing absolute coverage with DAST solution WhiteHat Dynamic. Despite the proliferation of application security testing (AST) tools in use today, most organizations knowingly or unknowingly push vulnerable code to production.

Read Post

Synopsys

Read more about Instantly scalable dynamic application security testing

AppSec Decoded: Managing your open source risks | Synopsys

Mar 1, 2023 By Synopsys In Synopsys

Learn about the crucial elements to managing open source risks as highlighted in the 2023 OSSRA report.

View Video

Synopsys

Read more about AppSec Decoded: Managing your open source risks | Synopsys

How to Easily Generate An Accurate Software Bill of Materials (SBOM) with Black Duck | Synopsys

Mar 1, 2023 By Synopsys In Synopsys

Did you know that open source code constitutes up to 95% of the code in your applications? This creates a web of dependencies that can pose security, quality, and compliance risks. Black Duck provides a solution by helping you generate an accurate software bill of materials (SBOM) in minutes, giving you visibility into your software supply chain. Watch the video to streamline your SBOM generation process and take control of your software supply chain.

View Video

Synopsys

Read more about How to Easily Generate An Accurate Software Bill of Materials (SBOM) with Black Duck | Synopsys

How to integrate continuous API fuzzing into the CI/CD?

Feb 28, 2023 By Cenk Kalpakoğlu In Kondukto

API security is a growing concern for businesses that offer or consume APIs. APIs, or application programming interfaces, allow different software systems to communicate and exchange data. They allow businesses to build integrations and connect with partners, customers, and other stakeholders. However, as more sensitive data is being shared through APIs, it is essential to ensure that these interfaces are secure and protected from unauthorized access or manipulation. In this blog post, we'll discuss how continuous fuzzing can be a powerful tool to secure APIs and how developers can adopt a "secure by default" approach by integrating continuous fuzzing into SDLC processes.

Read Post

Kondukto

Read more about How to integrate continuous API fuzzing into the CI/CD?

AppSec Decoded: Open source trends uncovered in the 2023 OSSRA report | Synopsys

Feb 28, 2023 By Synopsys In Synopsys

Discover what the 2023 OSSRA report tells us about the popularity of open source and the risks it brings.

View Video

Synopsys

Read more about AppSec Decoded: Open source trends uncovered in the 2023 OSSRA report | Synopsys

SAST Tools: How to Integrate and Scale Security Workflows in the SDLC

Feb 28, 2023 By Juan In Veracode

Static Application Security Testing (SAST) tools present a significant opportunity for organizations looking to reduce application security risk. However, not all workflows or tools are created equal. Using the right SAST tools at the right times, you can seamlessly integrate and scale security workflows throughout the software development lifecycle (SDLC).

Read Post

Veracode

Read more about SAST Tools: How to Integrate and Scale Security Workflows in the SDLC

The CISO's Guide to Application Security Innovation

Feb 21, 2023 By Chris Lindsey In Mend

Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security program, you need to build one. But how do you make sure that your program will be effective?

Read Post