Wilmington, NC, USA
Sep 7, 2023   |  By Cenk Kalpakoğlu
One of the biggest challenges that application security engineers face is the large number of false positives from security scanners. False positives are results that indicate a vulnerability where there is none, or where the risk is negligible. Triaging these false positives wastes a lot of time.
Aug 28, 2023   |  By Cenk Kalpakoğlu
As companies become increasingly digitalized, the need for cybersecurity has never been more vital. Product security engineers are in great demand since they are responsible for securing software products, operating systems, and the underlying infrastructure against potential attacks. If you're interested in cybersecurity and want to work in it, this article will provide the information you need to begin your own career path as a product and application security engineer.
Aug 22, 2023   |  By Cenk Kalpakoğlu
The philosophy of "shifting left" in software development is transforming the way we approach error and resolution. By moving the focus of error detection to earlier stages in the development cycle, teams can address issues when they are more accessible and less expensive to fix. Integral to this shift-left approach are Git hooks, powerful tools that allow us to enforce quality control right from the code-commit stage.
Jul 27, 2023   |  By Suphi Cankurt
OWASP ASVS is a great project that provides a framework of security controls for design and defines the basis of secure development. But the problem is that when you decide to use these checks in your organization, you end up with a 71-page PDF file or an OWASP ASVS checklist (Excel sheet). It is incredibly hard for organizations to adapt and spread the word within the company. This is why we decided to implement a feature that takes all the security testing tools' results (by CWE) and maps them to OWASP ASVS automatically so you can use it in every aspect of your application security program.
Jun 26, 2023   |  By Can Taylan Bilgin
In today's interconnected and technology-driven world, cyber threats have become a significant concern for businesses. With the rise of advanced cyber attacks, data breaches, and cybercriminals, it has become imperative for organizations to implement strong security measures to protect their applications and data. Automated testing tools are the number one go-to solution for security teams trying to scale the discovery of vulnerabilities in their applications. However, as modern software development practices evolve, new attack surfaces emerge and so do new security testing tools that cover different attack surfaces.
May 29, 2023   |  By Can Taylan Bilgin
As an Application Security (AppSec) leader, one of the most significant challenges you might face is securing management support for your program. This lack of support often results in under-resourced AppSec teams feeling frustrated and unable to make a meaningful impact. To foster an environment where your team feels valued and to prevent burnout, AppSec leaders must prioritize gaining additional resources. In many organizations, security tends to climb the priority ladder slowly, requiring AppSec leaders to put in extra effort to secure the necessary approvals. Here are three strategies that can help you win management buy-in and create a better environment for your team.
Apr 25, 2023   |  By Andreas Wiese
For quite some time we have been thinking about ways to make it easier for Kondukto users to try out the integrations of our Technology Partners. At this year’s RSA in San Francisco we are happy to announce the first release of our Demo Hub. This industry-first feature, integrated right into the Kondukto platform, makes it easier for customers to evaluate and benchmark different solutions from the growing number of Kondukto’s Technology Partners.
Apr 24, 2023   |  By Can Taylan Bilgin
Anyone who works on application security knows developers are inseparable from AppSec programs. Even so, the hardest part is figuring out how to get security on their agenda and actively involve them in preventing and managing vulnerabilities. Only with their buy-in and active involvement is it possible to scale an application security program to the level desired by AppSec teams, especially in large enterprises where developers far outnumber security engineers.
Mar 28, 2023   |  By Can Taylan Bilgin
Gartner just released the Hype Cycle for Application Security 2022, and the main topic was the rise of application security orchestration and correlation (ASOC) tools. As Kondukto, we have been in "this neighbourhood" for more than 3 years; we want to take the chance to say something about "why you need an ASOC platform". As multiple security technologies need to be used at different stages of the modern software development lifecycle, the findings from various tools are creating an immense complexity for understaffed security teams.
Feb 28, 2023   |  By Cenk Kalpakoğlu
API security is a growing concern for businesses that offer or consume APIs. APIs, or application programming interfaces, allow different software systems to communicate and exchange data. They allow businesses to build integrations and connect with partners, customers, and other stakeholders. However, as more sensitive data is being shared through APIs, it is essential to ensure that these interfaces are secure and protected from unauthorized access or manipulation. In this blog post, we'll discuss how continuous fuzzing can be a powerful tool to secure APIs and how developers can adopt a "secure by default" approach by integrating continuous fuzzing into SDLC processes.
Dec 13, 2022   |  By Kondukto
In this concept work, Kondukto integrates with OpenAI and gets vulnerability remediation advice for all your security testing results. OpenAI is an artificial intelligence research laboratory that surprised the world with ChatGPT. It was founded in San Francisco in late 2015 by Sam Altman, Elon Musk, and many others. ChatGPT grabbed 1M people's attention in the first six days, and screenshots of unbelievable AI and human conversations are still being shared.
Jun 30, 2022   |  By Kondukto
Kondukto allows you to set SLA levels for your vulnerabilities and easily track the ones that are overdue.
May 6, 2022   |  By Kondukto
You can easily activate Nuclei on Kondukto and scan your applications in no time.
Nov 1, 2021   |  By Kondukto
On Kondukto you can apply automated workflows on vulnerabilities that are manually imported to Kondukto as well. In this video, you can see how Kondukto automatically creates issues on issue managers and sends notifications as soon as a new file is imported.
Sep 20, 2021   |  By Kondukto
With Kondukto an action taken on a vulnerability discovered in one branch is automatically reflected on the same vulnerability discovered in a different branch.
Jul 31, 2021   |  By Kondukto
With Kondukto's Secure Code Warrior integration you can send training videos to your developers to raise awareness about certain types of vulnerabilities.
May 11, 2021   |  By Kondukto
Kondukto lets you pinpoint the developers responsible for vulnerabilities discovered by your SAST tools. After analyzing the type and number of vulnerabilities created by each developer, you can quickly assign courses on Avatao with a single click on Kondukto.
Mar 30, 2021   |  By Kondukto
Kondukto lets you pinpoint the developers responsible for vulnerabilities discovered by your SAST tools. After analyzing the type and number of vulnerabilities created by each developer, you can quickly assign courses on Codebashing with a single click on Kondukto.
Dec 14, 2020   |  By Kondukto
With Kondukto CLI, it is possible to trigger scans in pipelines and automatically break builds in any CI/CD tool whenever the project does not meet security criteria.
Nov 7, 2020   |  By Kondukto
Validation scans are great for bridging the gap between software developers and security engineers. Whenever an issue is closed by a software developer, Kondukto automatically triggers a new scan to ensure that the vulnerability has been fixed. If the same vulnerability is identified again, the issue is automatically reopened by Kondukto.

The Kondukto Platform is the ultimate tool for application security teams, allowing them to effortlessly transform vulnerability management, giving back the time, focus, and insight they need to succeed.

Instantly get all security testing tool results in a single view, automate vulnerability remediation workflows and manage risks with key security performance indicators (KPIs).

Effortless efficiency that saves time and money:

  • Gain visibility & insight: Speed up the prioritization process with the power of orchestration and automation.
  • Remediate faster: Reduce distraction and low-value work to speed up remediation.
  • Boost learning and accountability: Support a culture of continuous improvement with our developer-level vulnerability data.

Accelerate triage and remediation with AppSec orchestration.