Review your hardcoded secrets incidents in Kondukto's AppSec orchestration platform
Kondukto and GitGuardian have teamed up to provide an integration that brings together their knowledge in AppSec orchestration and automated secrets detection.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
March 2023
Sponsored Post
What is Application Security Orchestration and Correlation?
Gartner just released the Hype Cycle for Application Security 2022, and the main topic was the rise of application security orchestration and correlation (ASOC) tools. As Kondukto, we have been in "this neighbourhood" for more than 3 years; we want to take the chance to say something about "why you need an ASOC platform". As multiple security technologies need to be used at different stages of the modern software development lifecycle, the findings from various tools are creating an immense complexity for understaffed security teams.
AppSec Decoded: Scoping and data gathering in threat modeling | Synopsys
Learn how Synopsys handles scoping and data gathering, two of five necessary steps in creating a useful threat modeling.
Policy-Driven DevSecOps with Code Dx | Synopsys
In this interview, Natasha Gupta, security solutions manager at Synopsys, and Jimmy Rabon, senior product manager for Code Dx at Synopsys, discuss our new capabilities for centralized policy management and how they can help your development teams mitigate software risk at scale.
The Shift to the Cloud and its Implications for Application Security
Everybody’s doing it: shifting applications to the cloud. More flexibility. More storage. More scalability. But how does this affect application security? What challenges does it present?
Resolving prioritization issues faced by modern AppSec teams with EASM
At Detectify, we proudly maintain an AppSec perspective when it comes to how we handle security. But what does this mean exactly? In short, we think a lot about how both AppSec teams and developers will experience our platform and products. We know that today’s developers are feeling the pressure to get new code out to production to meet the demands of the business. These business demands have increased the need for AppSec tooling to leverage automation whenever possible.
How to ingest LimaCharlie output into Datadog
Integrating LimaCharlie with Datadog increases visibility for LimaCharlie users. In this article, we will look at two ways you can configure the integration to help security teams streamline workflows.
The Five Key Principles of Modern Application Security
I recently had the pleasure of joining Marina Novikova, partner solutions architect from AWS in a webinar to discuss the key principles for building modern application security programs. We explored the big issues facing AppSec today, and why many companies are taking a new approach. As the world becomes increasingly application-driven, security can no longer be simply a box-ticking exercise for compliance purposes. It must do much more to ensure that software is delivered safely.
DevSecOps uses policy to take the pressure off testing
Application Security Orchestration and Correlation uses processes and automation to help accelerate vulnerability testing and mitigation. In 2022, Synopsys commissioned the SANS Institute to investigate how firms are aligning their development, security, and operations teams with the organizational values, practices, and tools that compose the secure DevOps, or DevSecOps, approach.
Mitigating path traversal vulns in Java with Snyk Code
Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data.
Install the Veracode IntelliJ Plugin
In this video, you will learn how to install the Veracode IntelliJ Plugin, generate API ID and key credentials in the Veracode platform, and store those credentials in IntelliJ. The Veracode IntelliJ Plugin enables you to upload binaries to the Veracode Platform for static security analysis. You can then review the scan results from within IntelliJ IDEA to identify and mitigate potential security findings in your applications.
Will Biden's National Cybersecurity Strategy Trigger AppSec Change?
Every federal administration for the past 20 years has issued a cybersecurity strategy, so in one sense the National Cybersecurity Strategy issued by the Biden administration on March 2, 2023 is not unexpected. The big difference, however, lies in the recommendations: For the first time, the government is pressing for regulatory mandates on key industry sectors that control wide swathes of critical infrastructure nationwide.
Just Who Exactly Should Take Responsibility for Application Security?
Recent high-profile software supply chain breaches have sharpened the focus on application security. But as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce the number of vulnerabilities that now routinely make it into production applications. However, real life is a little messier.
Instantly scalable dynamic application security testing
Reduce complexity, increase scalability, and improve cost-efficiency while providing absolute coverage with DAST solution WhiteHat Dynamic. Despite the proliferation of application security testing (AST) tools in use today, most organizations knowingly or unknowingly push vulnerable code to production.
AppSec Decoded: Managing your open source risks | Synopsys
Learn about the crucial elements to managing open source risks as highlighted in the 2023 OSSRA report.
How to Easily Generate An Accurate Software Bill of Materials (SBOM) with Black Duck | Synopsys
Did you know that open source code constitutes up to 95% of the code in your applications? This creates a web of dependencies that can pose security, quality, and compliance risks. Black Duck provides a solution by helping you generate an accurate software bill of materials (SBOM) in minutes, giving you visibility into your software supply chain. Watch the video to streamline your SBOM generation process and take control of your software supply chain.