Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Okta vulnerability explained (bcrypt auth bypass)

Nov 5, 2024 By Cenk Kalpakoğlu In Kondukto

Okta Bcrypt Authentication Bypass Explained Last week, on October 30th, Okta released an interesting security advisory detailing a vulnerability that could potentially lead to an authentication bypass. According to Okta, the vulnerability was discovered during an internal review and was promptly addressed. Okta was transparent about the issue, sharing the details publicly.

Read Post

Kondukto

Read more about Okta vulnerability explained (bcrypt auth bypass)

Revolutionizing Risk Management in Application Security

Nov 5, 2024 By Donna Namorato In Veracode

In our hyper-connected reality, software applications are the unsung heroes of business operations. But, let's face it, with great tech comes great vulnerability to cyber shakedowns and data leaks. This begs the question: “Is scanning enough to manage risk?” Organizations are playing a high-stakes game of keeping their apps secure to safeguard their secrets.

Read Post

Veracode

Read more about Revolutionizing Risk Management in Application Security

Why is ASPM taking over AppSec?

Nov 1, 2024 By Jit In Jit

Amir Kessler gives his perspective on one of the fundamental challenges of AppSec – making sense of huge volumes of product security issues – and how ASPM can solve this problem.

View Video

Jit

Read more about Why is ASPM taking over AppSec?

How to Fight Security Tool Sprawl with ASPM Extensibility

Nov 1, 2024 By Jit In Jit

Chris Hughes describes the advantages of product security orchestration, which enables security teams to plug their favorite scanners into a single framework that unifies the execution and UX of multiple tools.

View Video

Jit

Read more about How to Fight Security Tool Sprawl with ASPM Extensibility

How to import SBOMs with Mend.io

Oct 31, 2024 By Mend In Mend

Mend.io allows users to import previously generated SBOMs to create a new project within the application. Once imported, licensing and vulnerability data will be associated with your project’s dependencies and will be regularly monitored for updates and new vulnerabilities, similar to any other project in the application.

View Video

Mend

Read more about How to import SBOMs with Mend.io

eBPF Vulnerabilities: Ecosystem and Security Model

Oct 31, 2024 By Andreas Wiese In Kondukto

In this two part blog post we will take a deeper look at eBPF and some of its known vulnerabilities. After a quick introduction to eBPF, how it and its ecosystem works, common attacks, we will talk about how automation and fuzzing can help you to harden your eBPF applications.

Read Post

Kondukto

Read more about eBPF Vulnerabilities: Ecosystem and Security Model

Stress, Certification, and Pen Testing: Nathaniel Shere's Journey - Secrets of AppSec Champions

Oct 29, 2024 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about Stress, Certification, and Pen Testing: Nathaniel Shere's Journey - Secrets of AppSec Champions

CIS Control 16 Application Software Security

Oct 23, 2024 By Matthew Jerzewski In Tripwire

The way in which we interact with applications has changed dramatically over the years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization's application against it to bypass network security controls and compromise sensitive data.

Read Post

Tripwire

Read more about CIS Control 16 Application Software Security

Threats, Attacks, and Vulnerabilities: Your guide to building a security strategy for cloud apps

Oct 23, 2024 By Datadog In Datadog

In this special edition webinar you’ll hear from Ami Dave, CISO of Fanatics about how Datadog enables Fanatics to scale securely.

View Video

Datadog

Read more about Threats, Attacks, and Vulnerabilities: Your guide to building a security strategy for cloud apps

How to Easily Generate An Accurate SBOM with Black Duck SCA | Black Duck

Oct 17, 2024 By Synopsys In Synopsys

Did you know that open source code constitutes up to 95% of the code in your applications? This creates a web of dependencies that can pose security, quality, and compliance risks. Watch the video to streamline your SBOM generation process and take control of your software supply chain. Black Duck provides a solution by helping you generate an accurate software bill of materials (SBOM) in minutes, giving you visibility into your software supply chain.

View Video