%term

The latest News and Information on Application Security including monitoring, testing, and open source.

Optimize Your Application Security with Custom WAF Rules

Nov 13, 2025 By Cloudflare In Cloudflare

Your website is unique, and so are the attacks against it. Generic Web Application Firewall (WAF) rules protect everyone a little, but leave your site exposed to specialized attacks. Custom WAF rules are your line of defense against targeted threats—the ones tailored to your specific application, industry, or code base. Key Advantages of Custom WAF Rules.

View Video

Cloudflare

Read more about Optimize Your Application Security with Custom WAF Rules

If AI Security were food...What's on the menu? #aisecurity #food

Nov 10, 2025 By Mend In Mend

How do you explain AI Security without the jargon? Easy you make it food. In this video, we asked leading AI Security professionals to describe AI Security as a dish. Their answers turn complex ideas like prompt injection, data leaks, and model hardening into bite-sized insights you’ll actually remember. From layered lasagna to spicy tacos, each response brings a fresh perspective on what it means to build and protect secure AI systems.

View Video

Mend

Read more about If AI Security were food...What's on the menu? #aisecurity #food

AI as a Power Tool: How Windsurf and Devin Are Changing Secure Coding

Nov 6, 2025 By Trusha Sharma In Aikido

We brought together Ian Moritz, Deployed Engineer at Cognition, and Mackenzie Jackson from Aikido Security for a live masterclass on AI-assisted coding. The goal wasn’t to hype new tools. It was to talk about how developers can stay in control while AI starts writing, testing, and securing code beside them.

Read Post

Aikido

Read more about AI as a Power Tool: How Windsurf and Devin Are Changing Secure Coding

Building Fast, Staying Secure: Supabase's Approach to Secure-by-Default Development

Nov 6, 2025 By Trusha Sharma In Aikido

As part of Aikido’s Security Masterclass series, Mackenzie Jackson sat down with Bill Harmer (CISO, Supabase) and Etienne Stalmans (Security Engineer, Supabase) to explore how Supabase approaches security as part of design, not something to bolt on later. From Row Level Security (RLS) to the risks of AI-assisted coding, the discussion focused on what it takes to build fast and stay secure.

Read Post

Aikido

Read more about Building Fast, Staying Secure: Supabase's Approach to Secure-by-Default Development

Direct vs. Indirect AI Risks: What Security Teams Need to Know #AIsecurity #AppSec #AInative

Nov 6, 2025 By Mend In Mend

AI coding assistants don’t just speed up development — they introduce two kinds of risks you can’t afford to ignore. Direct risks: vulnerabilities added straight into generated code. Indirect risks: exposure through how AI tools shape workflows, dependencies, and external connections. Both can create blind spots — and both demand visibility. Watch to learn how recognizing these layers helps secure your AI-driven workflows.

View Video

Mend

Read more about Direct vs. Indirect AI Risks: What Security Teams Need to Know #AIsecurity #AppSec #AInative

The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties

Oct 31, 2025 By Ilyas Makari In Aikido

It wasn’t long ago that we uncovered compromised extensions on Open VSX. Now, a new wave of attacks is emerging, and all signs point to the same threat actor. The technique will sound familiar: hidden malicious code injected with invisible Unicode Private Use Area (PUA) characters. We first saw this trick back in March when npm packages used PUAs to conceal payloads. Then came Open VSX. Now, the attacker seems to have turned their sights on GitHub, and their methods are evolving.

Read Post

Aikido

Read more about The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties

Same Adversary, New Terrain: Adapting an Endpoint Detection Mindset to the Cloud

Oct 30, 2025 By Datadog In Datadog

In their talk, Katie Nickels (Sr. Director of Intelligence Operations) and Jesse Griggs (Sr. Threat Researcher) from Red Canary show you how to adapt an endpoint detection mindset to the cloud, specifically focusing on pre-impact TTPs and building robust cloud detections.

View Video

Datadog

Read more about Same Adversary, New Terrain: Adapting an Endpoint Detection Mindset to the Cloud

Datadog Detect (October 30, 2025)

Oct 30, 2025 By Datadog In Datadog

Datadog Detect is a virtual mini-conference dedicated to helping security teams modernize detection and response by applying engineering best practices. Hear talks from industry experts, including security researchers and engineers at Datadog, Red Canary, and Corelight to learn about building scalable, effective security operations.

View Video

Datadog

Read more about Datadog Detect (October 30, 2025)

The Goldilocks Approach: Finding Detections That Are Just Right

Oct 30, 2025 By Datadog In Datadog

In this talk, Megan Roddie-Fonseca, Sr. Security Engineer at Datadog, addresses the challenge of finding "just right" detections, leveraging data classification techniques like recall and precision to balance false positives and missed attacks. Presented on October 30, 2025 for Datadog Detect.

View Video

Datadog

Read more about The Goldilocks Approach: Finding Detections That Are Just Right

Silence of the Daemons: Why Evasion Isn't About Location and NDR's Role in the Cloud

Oct 30, 2025 By Datadog In Datadog

In this talk, David Burkett, Cloud Security Researcher at Corelight, highlights how timeless evasion tactics create critical blind spots in cloud workloads, and illustrates the role of Network Detection and Response (NDR) as a resilient countermeasure. Presented on October 30, 2025 for Datadog Detect.

View Video