Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Application Security including monitoring, testing, and open source.

aikido

How Engineering and Security Teams Can Meet DORA's Technical Requirements

Jan 5, 2026 By Sooraj Shah In Aikido
Every financial entity operating in the European Union must comply with the Digital Operational Resilience Act (DORA). DORA focuses on whether systems can withstand, respond to, and recover from ICT-related disruptions and whether this can be demonstrated with evidence. For engineering, security, and risk teams, this introduces a practical requirement. Operational resilience must be observable in live systems, continuously tested, and traceable over time.
Read Post
appknox

Why compliance breaks at scale and what modern AppSec looks like

Jan 2, 2026 By Rucha Wele In Appknox
Compliance once lived on a calendar. Teams prepared for it in advance, reviewed it periodically, and treated it as a milestone separate from engineering work. That model no longer holds. Mobile applications now ship continuously. Features move weekly. Fixes land daily. Every change, no matter how small, alters the security and privacy posture of the organization. In this environment, compliance cannot trail development. It has to move with it, embedded into how software is built, tested, and released.
Read Post
appknox

How Modern AppSec Teams Stay Audit-Ready Without Slowing Delivery

Jan 2, 2026 By Rucha Wele In Appknox
Compliance once followed a schedule. Teams prepared evidence near audit windows, ran tests in batches, and treated documentation as something assembled outside the development lifecycle. That approach no longer holds when releases ship continuously. Every commit, dependency update, and configuration change reshapes exposure and alters what evidence must exist.
Read Post
aikido

IDOR Vulnerabilities Explained: Why They Persist in Modern Applications

Jan 2, 2026 By Sooraj Shah In Aikido
Insecure Direct Object References, commonly referred to as IDORs, remain one of the most common and damaging classes of application vulnerabilities. Despite being well documented and widely understood at a conceptual level, they continue to appear in real production systems, particularly in modern, API-driven applications.
Read Post
jfrog

Why Enterprise and Fortune 500 Companies are Leaving Snyk and Checkmarx for JFrog

Dec 31, 2025 By The JFrog Product Marketing Team In JFrog
Effectively protecting your software supply chain has reached a critical turning point where the traditional strategy of patching together “best of breed” or point AppSec solutions is no longer sustainable.
Read Post
veracode

Top 5 Application Security Tools Your Team Needs in 2026

Dec 22, 2025 By Natalie Tischler In Veracode
Cyberattacks are growing in frequency and sophistication. Data from the 2024 Verizon Data Breach Investigations Report shows that breaches exploiting application vulnerabilities have increased by 180% in the last year alone. Applications remain a primary target, yet development teams are under constant pressure to innovate and deliver faster. Using disconnected or inadequate application security tools creates security gaps, slows down development pipelines, and ultimately increases business risk.
Read Post
jfrog

The Breach You Didn't Expect: Your AppSec Stack

Dec 22, 2025 By Jens Eckels In JFrog
Imagine this. Your phone rings on January 2nd, and it’s your DevSecOps and AppSec groups. A major security vulnerability is exposing your business, and your teams are trying desperately to find and fix it to protect your data. You probably have scars as far back as Log4j, as well as threats from more recent incidents like npm attacks, Glassworm and others ringing in your ears. With CVEs expected to rise by tens of thousands a year, you can envision that the situation will only worsen.
Read Post

Ep 23: How to bootstrap your AppSec program

Dec 16, 2025 By Sumo Logic, Inc. In Sumo Logic
On this episode of Masters of Data, Adam sits down with Zoe Hawkins and David Girvin to talk AppSec programs that don't suck. David's hot take from his 1Password and Red Canary days? AppSec is a people problem, not a tooling problem—stop being the person devs dodge at standup. We cover the essentials: build relationships first, threat model based on actual business risk (not your anxiety), and ditch the "shift left" obsession with scanning everything. Instead, start with offensive testing that finds vulnerabilities attackers can actually exploit.
View Video
aikido

SAST in the IDE is now free: Moving SAST to where development actually happens

Dec 15, 2025 By Trusha Sharma In Aikido
We’re making a fundamental change to how teams use SAST. SAST in the IDE is now free. This means developers can run SAST scans directly inside their editor, with real-time feedback and project-wide visibility, using the same analysis engine and SAST rules as Aikido. Detection runs automatically as developers work, without limiting coverage at the detection layer.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.