Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

How to Protect Your Cloud Assets from Being Cryptojacked

May 17, 2024 By Panoptica In Panoptica

Cryptojacking attacks have become the most prevalent type of attack on cloud native infrastructures. For example, in 2022, there were 139M cryptojacking attacks, but the following year there were over 1 billion! That translates to nearly 3M cryptojacking attacks every day, on average in 2023.

View Video

Panoptica

Read more about How to Protect Your Cloud Assets from Being Cryptojacked

How to Protect Your Business From API Data Leaks

May 16, 2024 By Panoptica In Panoptica

Application Programming Interfaces (APIs) are rapidly becoming the primary attack vector for cloud native applications. In fact, according to one study, 92% of organizations have already experienced a security incident resulting from insecure APIs. This is because loosely coupled microservices predominantly intercommunicate via APIs. In this video, we will analyze a ‘ripped from the headlines’ case-study example of data leakage via insecure APIs. Then we will examine various API vulnerabilities that can be exploited by attackers to enable data leaks, including Broken User Authentication (BUA), Broken Object Level Authentication (BOLA), and Broken Function-Level Authentication (BFLA).

View Video

Panoptica

Read more about How to Protect Your Business From API Data Leaks

Cloud Unfiltered with Sathish Balakrishnan - Exploring the Future of AI and Automation - Episode 12

May 14, 2024 By Panoptica In Panoptica

Join host Michael Chenetz on this enlightening episode of Cloud Unfiltered as we dive deep into the realms of AI and automation with special guest Sathish Balakrishnan from Red Hat. Sathish, who leads the Ansible Automation Platform business, shares his valuable insights on how AI is enhancing automation technologies and the critical role of automation in leveraging AI effectively across industries.

View Video

Panoptica

Read more about Cloud Unfiltered with Sathish Balakrishnan - Exploring the Future of AI and Automation - Episode 12

Scaling DevSecOps with Dynamic Application Security Testing (DAST)

May 14, 2024 By Jenny Buckingham In Veracode

In the swiftly evolving landscape of AI-driven software development, DevSecOps helps strengthen application security and quality. Dynamic Application Security Testing (DAST) is a key tool that helps scale your DevSecOps program by facilitating continuous and accurate security tests on running applications. DAST simulates real-world attacks, enabling you to identify security weaknesses and evaluate your application's defenses in response to actual attacks.

Read Post

Veracode

Read more about Scaling DevSecOps with Dynamic Application Security Testing (DAST)

AppSec spring cleaning checklist

May 13, 2024 By Mariah Gresham In Snyk

Something about the springtime sunshine and blooming flowers inspires many of us to start cleaning. For some, it might be tackling the backyard shed that accumulated cobwebs over the winter or that overflowing junk drawer in the corner of the kitchen. As you survey your home and yard and decide where to start cleaning, it’s also a great time to look at your application security program and see if any of your existing processes need some tidying up. Here are a few great places to start.

Read Post

Snyk

Read more about AppSec spring cleaning checklist

Google Cloud affected by CVE-2021-30476

May 13, 2024 By Kondukto Security Team In Kondukto

CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control.

Read Post

Kondukto

Read more about Google Cloud affected by CVE-2021-30476

The Application Security Assessment Checklist for Cloud Native Environments

May 9, 2024 By Avichay Attlan In Jit

A cloud-based application security assessment (or ASA) is a systematic evaluation to identify vulnerabilities and improve security in cloud applications. It aims to ensure the application’s structural, design, and operational integrity against all cyber threats. A staggering 82% of data breaches in 2023 involved data stored in the cloud.

Read Post

Jit

Read more about The Application Security Assessment Checklist for Cloud Native Environments

Troubleshooting Error Spikes with Security Context

May 9, 2024 By Datadog In Datadog

As developers debug their services, they can easily see security insights from the same screen and pivot as necessary, to better understand if a security issue is the root cause or not.

View Video

Datadog

Read more about Troubleshooting Error Spikes with Security Context

kntrl integrates Open Policy Agent

May 9, 2024 By Cenk Kalpakoğlu In Kondukto

Addressing the security intricacies of sophisticated automation frameworks, in our case the Continuous Integration/Continuous Deployment (CI/CD) environments, is always challenging. The inherent complexity of such environments, characterized by the multitude of components that are each performing distinct tasks, necessitates a dynamic and adaptable rule engine to ensure the security of our pipelines.

Read Post

Kondukto

Read more about kntrl integrates Open Policy Agent

Outshift by Cisco | An Era of GenAI & Human Collaboration

May 7, 2024 By Panoptica In Panoptica

AI is the key to unlocking the untapped potential within your organization. At Outshift, we invest in the future of GenAI, not as a tool that replaces human effort but as a transformative force that amplifies the creativity and ingenuity of people across your enterprise. We invite you to reimagine the role of GenAI in business. Thinking of it as a tool for connection, adaptation, and creativity - a tool with unprecedented efficiency and impact.

View Video