%term

The latest News and Information on Application Security including monitoring, testing, and open source.

How to Secure Cross-Application Process Attack Surfaces

Feb 6, 2025 By SecuritySenses In SecuritySenses

The organization in today's world operates on an intricately meshed fabric of software, while conversely, that interdependence invites the hacker through more doors. A vulnerability within any component of this inner dependency chain could become an open door to unauthorized disclosure of sensitive information, interruption of critical business processes, or even the demise of an entire corporation.

Read Post

SecuritySenses

Read more about How to Secure Cross-Application Process Attack Surfaces

The Truth Behind Successful Security Operations Centers (SOC) |Secrets of AppSec Champions

Feb 4, 2025 By Mend In Mend

In this eye-opening episode, Reanna Schultz, an experienced Security Operations Center (SOC) team leader, pulls back the curtain on what makes a modern SOC truly effective. Drawing from her six-year journey through various cybersecurity roles, she reveals how SOCs serve as an organization's first line of defense against cyber threats.

View Video

Mend

Read more about The Truth Behind Successful Security Operations Centers (SOC) |Secrets of AppSec Champions

Why securing cloud-native applications goes beyond AppSec?

Feb 2, 2025 By Amit Schendel In ARMO

In today’s landscape of microservices, Kubernetes, and cloud environments, attacks can come from multiple vectors, with varying degrees of complexity. Understanding these vectors and how to detect them is crucial for securing your infrastructure and applications. This post will explore various attack scenarios including SQL Injection and Cluster Takeover, structured around the 4 Cs of cloud security: Cloud, Cluster (Kubernetes), Container (workload), and Code (application).

Read Post

ARMO

Read more about Why securing cloud-native applications goes beyond AppSec?

Adaptive application security for the AI era

Jan 31, 2025 By Veracode In Veracode

View Video

Veracode

Read more about Adaptive application security for the AI era

Static Application Security Testing (SAST): What You Need to Know

Jan 24, 2025 By Jit In Jit

Modern software applications operate within increasingly complex ecosystems, spanning multiple layers of the stack—from the user interface and application logic to APIs, databases, and third-party dependencies. Each layer introduces unique vulnerabilities, often requiring specialized domain expertise to identify and mitigate.

Read Post

Jit

Read more about Static Application Security Testing (SAST): What You Need to Know

Launching Opengrep | Why we forked Semgrep

Jan 23, 2025 By Mackenzie Jackson In Aikido

Last month, Semgrep announced major changes to its OSS project—strategically timed for a Friday, of course ;) Since 2017, Semgrep has been a cornerstone of the open-source security community, offering a code analysis engine and rule repository alongside its SaaS product. But their recent moves raise the question: what does “open” really mean?

Read Post

Aikido

Read more about Launching Opengrep | Why we forked Semgrep

Building Trust in Cybersecurity: Insights from Veteran CISO Rob Wood | Secrets of AppSec Champions

Jan 21, 2025 By Mend In Mend

Trust is the invisible currency of business, and it's built in drops but lost in buckets. As security professionals, we often focus on competence - having the right controls, frameworks, and processes in place. But competence alone isn't enough when things go wrong. When a security incident happens, your customers' trust in you hangs in the balance. They're scared, frustrated, and looking for leadership. This is where benevolence and integrity become crucial.

View Video

Mend

Read more about Building Trust in Cybersecurity: Insights from Veteran CISO Rob Wood | Secrets of AppSec Champions

How Ping Identity Automated Security & Cut Scanning Time from Weeks to Minutes with Mend.io

Jan 20, 2025 By Mend In Mend

Join Bruno Lavit, Risk Manager at Ping Identity, as he shares how they transformed their application security process using Mend IO. Learn how Ping Identity went from time-consuming manual security scans to fully automated CI/CD pipeline integration, reducing scanning time from weeks to minutes. Ping Identity improved their security posture while accelerating software development. Perfect for AppSec managers, CSOs, and risk managers looking to enhance their security automation.

View Video

Mend

Read more about How Ping Identity Automated Security & Cut Scanning Time from Weeks to Minutes with Mend.io

Kubernetes Security Fundamentals: Authentication - Part 3

Jan 14, 2025 By Datadog In Datadog

In this video we’ll continue looking at how Kubernetes handles authentication with a look at service account token authentication.

View Video

Datadog

Read more about Kubernetes Security Fundamentals: Authentication - Part 3

How Yahoo Scaled Application Security & Saved Millions with Mend.io

Jan 14, 2025 By Mend In Mend

Join Chris Madden, Distinguished Technical Security Engineer at Yahoo, as he shares how Yahoo scaled its application security program with Mend.io. In this insightful video, Chris details the challenges Yahoo faced in managing open source security and compliance risks, and how Mend.io's AppSec platform helped them: Discover how Mend.io enabled Yahoo to address critical vulnerabilities like Log4Shell, codify security policies, and achieve quantifiable benefits across their organization. If you're looking to improve your AppSec posture, especially at enterprise scale, this video is a must-watch!

View Video