Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Reporting AppSec risk up to your CISO

Feb 13, 2024 By Kate Powers Burke In Snyk

For security leaders, building a strong working relationship with your CISO often comes down to your ability to provide clear reports and concise risk summaries. Your reports allow CISOs to perform a vital responsibility of their role: translating highly technical security jargon into actionable recommendations that will reduce risk and improve security maturity across the organization. And in the case of a breach or zero-day event, CISOs may be the bearer of bad news.

Read Post

Snyk

Read more about Reporting AppSec risk up to your CISO

Key Findings from CrowdStrike's 2024 State of Application Security Report

Feb 13, 2024 By Jamie Gale In CrowdStrike

As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk.

Read Post

CrowdStrike

Read more about Key Findings from CrowdStrike's 2024 State of Application Security Report

Kubernetes Security Fundamentals: API Security - Part 1

Feb 13, 2024 By Datadog In Datadog

In this video, we’ll start looking at the details of how Kubernetes secures the various APIs it uses, looking at etcd. For more information, please see our security labs blog.

View Video

Datadog

Read more about Kubernetes Security Fundamentals: API Security - Part 1

Cloud Unfiltered with Ayse Kaya - Container Security Report - Episode 1

Feb 13, 2024 By Panoptica In Panoptica

Join host Michael Chenetz and returning guest Ayse Kaya as they delve into the critical topic of container security. This episode covers the latest insights from the 2023 SlimAI Container Report, focusing on the challenges and advancements in this ever-evolving field.

View Video

Panoptica

Read more about Cloud Unfiltered with Ayse Kaya - Container Security Report - Episode 1

Redefining SAST: When AppSec Meets Developer Experience

Feb 7, 2024 By Guillaume Montard In Bearer

Today, the speed and quality of software delivery are more critical to business success than ever. This highlights the importance of integrating security within the development lifecycle to maintain high velocity. In the ongoing race to extract business value from software and technology, the agility and efficiency of development teams are vital. Static Application Security Testing (SAST) plays a key role in this context, providing a vital tool for secure development.

Read Post

Bearer

Read more about Redefining SAST: When AppSec Meets Developer Experience

Introducing Motific.ai. Accelerate your GenAI adoption journey.

Feb 6, 2024 By Panoptica In Panoptica

Unlock rapid, trusted delivery of GenAI capabilities in your organization and streamline management of GenAI building blocks. Outshift is Cisco’s incubation engine, innovating what's next and new for Cisco products and sharing our expertise on emerging technologies. Discover the latest on cloud native applications, cloud application security, generative AI, quantum networking and security, future-forward tech research, our latest open source projects and more.

View Video

Panoptica

Read more about Introducing Motific.ai. Accelerate your GenAI adoption journey.

Splunk Enterprise affected by CVE-2023-40598

Feb 5, 2024 By Kondukto Security Team In Kondukto

This is an overview of the CVE-2023-40598 vulnerability, which affects Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1. We will explain the nature of the vulnerability, how it can be exploited, and how it can be fixed. We will also provide code examples, links to web pages with valuable information, and tips on how to prevent similar vulnerabilities in the future.

Read Post

Kondukto

Read more about Splunk Enterprise affected by CVE-2023-40598

Busting the App Count Myth

Feb 1, 2024 By Avishay Zawoznik In Cato Networks

Many security vendors offer automated detection of cloud applications and services, classifying them into categories and exposing attributes such as security risk, compliance, company status etc. Users can then apply different security measures, including setting firewall, CASB and DLP policies, based on the apps categories and attributes. It makes sense to conclude that the more apps are classified, the merrier. However, such a conclusion must be taken with a grain of salt.

Read Post

Cato Networks

Read more about Busting the App Count Myth

Automated SCM project scanning with Black Duck SCA | Synopsys

Feb 1, 2024 By Synopsys In Synopsys

Black Duck’s automated project onboarding meets teams where they already are and enables them to quickly onboard and scan multiple projects in a single step. This means no manual scanning needed, and no interfacing with builds or pipeline – these scans are mapped and executed entirely within Black Duck. In this video, we'll demonstrate how to.

View Video

Synopsys

Read more about Automated SCM project scanning with Black Duck SCA | Synopsys

The Beginner's Guide to Attack Paths

Feb 1, 2024 By Panoptica

In the ever-evolving landscape of multi-cloud environments, the future of cloud security demands a paradigm shift. In this eBook, dive into the details of how looking at cloud environments from the perspective of an attacker to identify and prioritize critical security risks, can improve your cloud security. The power of the attack path is not just about surfacing findings; it's about visualizing them in a way that brings clarity to complexity, empowering you to make informed decisions swiftly.

Get EBook