%term

The latest News and Information on Application Security including monitoring, testing, and open source.

Dynamic Application Security Testing: DAST Basics

May 5, 2025 By Mend.io Communications In Mend

DAST is a security tool that attempts to penetrate an application from the outside by checking its exposed interfaces for vulnerabilities and flaws. Sometimes called a web application vulnerability scanner, it is a type of black-box security test. It looks for security vulnerabilities by simulating external attacks on an application while the application is running.

Read Post

Mend

Read more about Dynamic Application Security Testing: DAST Basics

7 Core Principles of an Effective Application Security Program

Apr 29, 2025 By Jessica Amado, In Seemplicity

If you’re building software, chances are your environment looks nothing like it did a few years ago. Monolithic applications have given way to microservices. On-prem systems have migrated to multi-cloud. Waterfall has become agile, and developers are pushing code daily (sometimes hourly). Security, meanwhile, is still catching up.

Read Post

Seemplicity

Read more about 7 Core Principles of an Effective Application Security Program

Securing AI Isn't Just About Your Pipeline #AIsecurity #DevSecOps #AppSec #redteaming

Apr 28, 2025 By Mend In Mend

Building AI apps securely is not just about plugging tools into your dev pipeline. It’s about knowing what to do with those tools after they give you results. What risks matter? What policies should you apply? And when is the right time to integrate AI security into your CI/CD? Bar-El Tayouri sits down with Ashish Rajan from The Cloud Security Podcast to discuss why red teaming and scanning aren’t enough and how getting comfortable with AI security before production pays off long-term.

View Video

Mend

Read more about Securing AI Isn't Just About Your Pipeline #AIsecurity #DevSecOps #AppSec #redteaming

XRP supply chain attack: Official NPM package infected with crypto stealing backdoor

Apr 22, 2025 By Charlie Eriksen In Aikido

At 21 Apr, 20:53 GMT+0, our system, Aikido Intel started to alert us to five new package version of the xrpl package. It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads. We quickly confirmed the official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

Read Post

Aikido

Read more about XRP supply chain attack: Official NPM package infected with crypto stealing backdoor

Introducing a new Application Security experience

Apr 15, 2025 By Cloudflare In Cloudflare

Welcome to Cloudflare Security Week 2025! During this year's Security Week, we are boosting security with AI-driven insights, better threat detection, and stronger protections against emerging risks. Our aim is to empower customers with more intuitive and user-friendly solutions to protect their data and applications in an increasingly complex environment. In this episode, tune in for a conversation with Cloudflare's Jessica Tarasoff, Product Design Lead, and Pete Thomas, Senior Manager, Product Design.

View Video

Cloudflare

Read more about Introducing a new Application Security experience

The malware dating guide: Understanding the types of malware on NPM

Apr 10, 2025 By Madeline Lawrence In Aikido

The Node ecosystem is built on a foundation of trust — trust that the packages you npm install are doing what they say they do. But that trust is often misplaced. Over the past year, we’ve seen a disturbing trend: a rising number of malicious packages published to npm, often hiding in plain sight. Some are crude proof-of-concepts (PoCs) by researchers, others are carefully crafted backdoors.

Read Post

Aikido

Read more about The malware dating guide: Understanding the types of malware on NPM

Cybersecurity Modernization Summit: Moving From Reactive Threat Detection and Response to Proactive

Apr 10, 2025 By Datadog In Datadog

Jake Williams, SVP of Modernization at Scoop News Group and Datadog VP Bianca Lankford for a conversation to learn more about how real-time threat detection paired with rich observability insights is helping organizations to achieve faster security outcomes. This conversation will also address the role auto-remediation plays in the future of government cybersecurity.

View Video

Datadog

Read more about Cybersecurity Modernization Summit: Moving From Reactive Threat Detection and Response to Proactive

Secure Cloud Computing in Government

Apr 10, 2025 By Datadog In Datadog

Cloud technology continues to play an integral role in driving innovation at federal agencies. As use cases become increasingly complex, how can agencies ensure data is secured? During this webinar, you will gain the unique perspective of top federal IT experts.

View Video

Datadog

Read more about Secure Cloud Computing in Government

MeriTalk State Tech Vision Panel: Workforce, Cybersecurity, and Digital Transformation

Apr 10, 2025 By Datadog In Datadog

View Video

Datadog

Read more about MeriTalk State Tech Vision Panel: Workforce, Cybersecurity, and Digital Transformation

AI and AppSec: A Partnership to Prevent Breaches

Apr 10, 2025 By Natalie Tischler In Veracode

As software development accelerates, cyberattacks are also growing more sophisticated. The result? Traditional security methods are often rendered ineffective. With reactive strategies and stretched resources, application security (AppSec) teams are under increasing pressure to secure apps without sacrificing speed and innovation. Artificial intelligence (AI) has quickly become the frontrunner solution, automating labor-intensive tasks, improving accuracy, and enabling proactive security measures.

Read Post