
Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Why MobSF Isn't Ideal for Application Security Testing?

Mobile Security Framework (MobSF), launched by OWASP in 2015, is a partially automated, open-source, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic, and malware analysis. MobSF is one of the most widely used security applications; the testing framework, a simple, flexible, and incredibly powerful tool, has quickly become the lingua franca of security. The flexibility and accessibility of the tool are helpful but also dangerous.

Microsoft Azure CLI affected by CVE-2022-39327

CVE-2022-39327 is a code injection vulnerability that affects the command-line interface for Microsoft Azure (Azure CLI). The vulnerability allows an attacker to execute arbitrary commands on a Windows machine that runs an Azure CLI command with untrusted parameter values. The vulnerability was discovered by GitHub Security Lab and reported to Microsoft on October 7, 2022. Microsoft released a patch for the vulnerability on October 25, 2022, in version 2.40.0 of the Azure CLI.

The 2024 Open Source Security and Risk Analysis (OSSRA) Report | Synopsys

Open source is in everything, everywhere, all at once. Get an in-depth look at the current state of open source security with the ninth edition of the “Open Source Security and Risk Analysis” (OSSRA) report. Do you know what's in your code?

How REI built a DevSecOps culture and how Snyk helped

A few years ago, REI embarked on its digital transformation and cloud migration journey, moving on-prem development environments to AWS. But, as REI’s development teams began this transition, their security counterparts noticed that application security just wasn’t keeping up. As a result, REI began another journey: identifying the right security tooling and cultural shifts for AppSec success.

Demystifying Cloud Security: Dispelling Common Misconceptions for Robust Protection

Explore the truth behind cloud security myths. Learn why focusing beyond common vulnerabilities is crucial, delve into application security strategies, and discover the power of bug bounties. Shift your perspective to secure from the inside-out and fortify your multi-cloud presence.

The Cloud Threat Landscape: Security Learnings from 500 Cloud Environments

In this cutting-edge eBook, explore an extensive analysis of the cloud threat landscape, derived from over 500 diverse cloud environments from Panoptica's own unique data set. Gain unparalleled insight into the evolving cloud threat landscape while deep diving into attack path analysis and trends across cloud service providers, CVEs, and Kubernetes coverage. This eBook reveals interesting trends in the market to help inform your own organization's cloud security posture and navigate multi-cloud and hybrid cloud environments with increased confidence.

Cloud Unfiltered with Chris Aniszczyk - History of CNCF, Linux FDN, KubeCon & the Future - Episode 3

In this episode, Chris Aniszczyk, CTO of Linux Foundation/CNCF, sits down with host Michael Chenetz to discuss the history of the CNCF (Cloud Native Computing Foundation) and where it is going. Additionally, Chris discusses what he expects the trends to be for the next KubeCon in Paris.

Exploring LLM Hallucinations - Insights from the Cisco Research LLM Factuality/Hallucination Summit

LLMs have many impressive business applications. But a significant challenge remains: how can we detect and mitigate LLM hallucinations? Cisco Research hosted a virtual summit to explore current research in the LLM factuality and hallucination space. The session includes presentations from university professors collaborating with the Cisco Research team, including William Wang (UCSB), Kai Shu (IIT), Danqi Chen (Princeton), and Huan Sun (Ohio State).