A new Rezilion guide examines the growing trend toward the use of Application Security Posture Management (APSM), which aims to make applications secure and resilient, in turn, significantly reducing business risk. The paper explores the business drivers for ASPM, how ASPM works, what ASPM tools are designed to do, and the benefits of using them. One of the big pain points security teams have is a lack of visibility throughout the continuous development and deployment pipeline.

In this blog you will learn how to easily secure your microservices apps running on Amazon EKS cluster using Panoptica, Cisco's cloud native application security SaaS service. We use an open source Kubernetes Goat application to see common misconfigurations, real-world vulnerabilities, and security issues in Kubernetes clusters, containers, and cloud native environments.

At this year’s AWS re:Invent, Mic McCully, Field CTO at Snyk, spoke with Jacob Salassi, Director of Product Security at Snowflake. They discussed what it looked like for Snowflake to overcome various security challenges with the right combination of processes, company culture shifts, and tool partners (including Snyk!). Read on to learn about the practices Jacob and his team established to create a successful application security program.

IBM’s annual Cost of a Data Breach Report offers its usual insights into the scale of cybercrime and the costs of security breaches. It paints a picture of a technological landscape which is becoming more complex, demanding and uncertain. As organizations increasingly migrate to cloud platforms, the need to fortify these digital landscapes against a plethora of threats has never been more crucial. So, what are the biggest takeaways from this year’s report with focus on cloud security?

Application architectures have been transformed in recent years. Modern application systems have become more complex with monolithic applications being replaced by more complicated applications based on multiple microservices and stored on cloud platforms. These applications run on new technologies based on Kubernetes, an open-source container orchestration system that automates the deployment, scaling, and management of containerized applications.

The philosophy of "shifting left" in software development is transforming the way we approach error and resolution. By moving the focus of error detection to earlier stages in the development cycle, teams can address issues when they are more accessible and less expensive to fix. Integral to this shift-left approach are Git hooks, powerful tools that allow us to enforce quality control right from the code-commit stage.

We’re using more code, software components, and dependencies than ever before, making security breaches an ever-growing threat. It’s easy for developers and DevOps teams to neglect dependency updates when faced with such high volume, but doing so allows applications to fall behind the latest versions if not properly managed. This typically leaves applications using outdated dependencies, which exposes them to ever-increasing security debt and risk.

Cloudflare has a unique vantage point on the Internet. From this position, we are able to see, explore, and identify trends that would otherwise go unnoticed. In this report we are doing just that and sharing our insights into Internet-wide application security trends. This report is the third edition of our Application Security Report. The first one was published in March 2022, with the second published earlier this year in March, and this is the first to be published on a quarterly basis.

While security teams may “run on Dunkin’,” companies run on applications. From Salesforce and Hubspot to ServiceNow and Jira, your organization relies on a complex, interconnected application ecosystem. In 2022, organizations used an average of 130 Software-as-a-Service (SaaS) applications. While these technologies enabled them to reduce costs and achieve revenue targets, they created new security risks.