Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Sponsored Post

Running DAST in CI/CD for Regression Testing

In the fast-paced field of software development, ensuring applications remain functional and secure through updates is essential. Regression testing, which checks that new code doesn't harm existing features, is key. Dynamic Application Security Testing (DAST) tools play a crucial role here. They identify security flaws in active web applications. This article explores the importance of DAST tools, integration, and enhancement in regression testing.

Why MobSF Isn't Ideal for Application Security Testing?

Mobile Security Framework (MobSF), launched by OWASP in 2015, is a partially automated, open-source, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic, and malware analysis. MobSF is one of the most widely used security applications where the testing framework - a simple, flexible, and incredibly powerful tool has quickly become the lingua franca of security. The flexibility and accessibility of the tool are helpful but also dangerous.

Microsoft Azure CLI affected by CVE-2022-39327

CVE-2022-39327 is a code injection vulnerability that affects the command-line interface for Microsoft Azure (Azure CLI). The vulnerability allows an attacker to execute arbitrary commands on a Windows machine that runs an Azure CLI command with untrusted parameter values. The vulnerability was discovered by GitHub Security Lab and reported to Microsoft on October 7, 2022. Microsoft released a patch for the vulnerability on October 25, 2022, in version 2.40.0 of the Azure CLI.

The 2024 Open Source Security and Risk Analysis (OSSRA) Report | Synopsys

Open source is in everything, everywhere, all at once. Get an in-depth look at the current state of open source security with the ninth edition of the “Open Source Security and Risk Analysis”(OSSRA) report. Do you know what's in your code?

How REI built a DevSecOps culture and how Snyk helped

A few years ago, REI embarked on its digital transformation and cloud migration journey, moving on-prem development environments to AWS. But, as REI’s development teams began this transition, their security counterparts noticed that application security just wasn’t keeping up. As a result, REI began another journey: identifying the right security tooling and cultural shifts for AppSec success.

Demystifying Cloud Security: Dispelling Common Misconceptions for Robust Protection

Explore the truth behind cloud security myths. Learn why focusing beyond common vulnerabilities is crucial, delve into application security strategies, and discover the power of bug bounties. Shift your perspective to secure from the inside-out and fortify your multi-cloud presence.

The Cloud Threat Landscape: Security Learnings from 500 Cloud Environments

In this cutting-edge eBook, explore an extensive analysis of the cloud threat landscape, derived from over 500 diverse cloud environments from Panoptica's own unique data set. Gain unparalleled insight into the evolving cloud threat landscape, while deep diving into attack path analysis, and trends across cloud service providers, CVEs, and Kubernetes coverage. This eBook reveals interesting trends in the market to help inform your own organization's cloud security posture and navigate the multi and hybrid cloud environments with increased confidence.

Cloud Unfiltered with Chris Aniszczyk - History of CNCF, Linux FDN, KubeCon & the Future - Episode 3

In this episode, Chris Aniszczyk, CTO of Linux Foundation/CNCF sits down with host, Michael Chenetz to discuss the history of the CNCF (Cloud Native Compute Foundation) and where it is going. Additionally, Chris discusses what he expects the trends to be for the next KubeCon in Paris.