
July 2023

Sponsored Post

OWASP ASVS with your security testing tools

OWASP ASVS is a great project: it provides a framework of security controls for application design and defines the baseline for secure development. The problem comes when you decide to use these checks in your organization: you end up with a 71-page PDF or an OWASP ASVS checklist (Excel sheet), which is incredibly hard to adapt and to spread within the company. This is why we decided to implement a feature that takes the results of all your security testing tools (by CWE) and maps them onto OWASP ASVS automatically, so you can use it in every aspect of your application security program.
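The CWE-to-ASVS mapping described above, as an added example that is not Mend.io's feature or code. Tool findings are read from SARIF (the interchange format most SAST and DAST tools can emit), CWE ids are taken from each rule's tags, and the CWE-to-ASVS table is loaded from a CSV with the columns you would export from the ASVS spreadsheet. The four table rows and the SARIF document embedded below are constructed for the demo; the ASVS requirement ids in them are an illustrative excerpt (assumption: check each row against the ASVS release you adopt). The tool name `example-sast` and its rule ids are hypothetical.

```python
"""Map security-testing tool findings onto OWASP ASVS requirements via CWE.

Added example, not a vendor's code. Reads SARIF 2.1.0 output, extracts CWE ids
from rule tags, and groups findings by ASVS requirement using a CSV table.
"""
import csv
import io
import json
from collections import defaultdict

# Constructed excerpt of a CWE -> ASVS table (assumption: verify against the
# official ASVS spreadsheet before relying on it; replace with the full export).
ASVS_MAP_CSV = """\
cwe,asvs_id,chapter,level
CWE-89,V5.3.4,V5 Validation Sanitization and Encoding,1
CWE-79,V5.3.3,V5 Validation Sanitization and Encoding,1
CWE-78,V5.3.8,V5 Validation Sanitization and Encoding,1
CWE-22,V12.3.1,V12 Files and Resources,1
"""

# Constructed SARIF 2.1.0 excerpt from a hypothetical tool: three rules, three results.
SARIF_SAMPLE = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "rules": [
            {"id": "SQLI-001", "properties": {"tags": ["security", "external/cwe/cwe-89"]}},
            {"id": "XSS-004", "properties": {"tags": ["security", "external/cwe/cwe-79"]}},
            {"id": "MISC-9", "properties": {"tags": ["style"]}},
        ]}},
        "results": [
            {"ruleId": "SQLI-001", "level": "error",
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "XSS-004", "level": "warning",
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/views.py"},
                                                 "region": {"startLine": 7}}}]},
            {"ruleId": "MISC-9", "level": "note", "locations": []},
        ],
    }],
})


def load_asvs_map(csv_text):
    """Return {cwe_id: [row, ...]}; one CWE may relate to several requirements."""
    table = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        table[row["cwe"].strip().upper()].append(row)
    return table


def cwes_for_rule(rule):
    """CWE ids from a SARIF rule's tags: 'external/cwe/cwe-89' or 'CWE-89' -> 'CWE-89'."""
    found = set()
    for tag in rule.get("properties", {}).get("tags", []):
        low = tag.lower()
        if "cwe-" in low:
            found.add("CWE-" + low.rsplit("cwe-", 1)[1].split("/")[0])
    return found


def map_sarif_to_asvs(sarif_text, asvs_map):
    """Group SARIF results by ASVS requirement id.

    Returns (by_requirement, unmapped): by_requirement is
    {asvs_id: [(rule_id, file, line), ...]}; unmapped lists findings whose rule
    carries no CWE present in the table, so they need manual triage.
    """
    doc = json.loads(sarif_text)
    by_req = defaultdict(list)
    unmapped = []
    for run in doc["runs"]:
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            where = (loc.get("artifactLocation", {}).get("uri", "?"),
                     loc.get("region", {}).get("startLine", 0))
            rule = rules.get(res["ruleId"], {})
            hits = [m for cwe in sorted(cwes_for_rule(rule)) for m in asvs_map.get(cwe, [])]
            if not hits:
                unmapped.append((res["ruleId"], *where))
                continue
            for m in hits:
                by_req[m["asvs_id"]].append((res["ruleId"], *where))
    return dict(by_req), unmapped


def coverage_report(by_req, asvs_map):
    """Status per requirement in the table. Note the caveat: a requirement with no
    findings is NO_FINDINGS, not PASS; scanners only show what they can detect."""
    ids = {m["asvs_id"] for rows in asvs_map.values() for m in rows}
    return {rid: ("FAIL" if rid in by_req else "NO_FINDINGS") for rid in sorted(ids)}


if __name__ == "__main__":
    table = load_asvs_map(ASVS_MAP_CSV)
    grouped, todo = map_sarif_to_asvs(SARIF_SAMPLE, table)
    for rid, status in coverage_report(grouped, table).items():
        print(rid, status, grouped.get(rid, []))
    print("unmapped:", todo)
```

The report deliberately distinguishes "no findings" from "pass": a scanner that does not test a control says nothing about it, so the ASVS rows with no mapped findings still need a manual or other-tool check.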

Mend.io Product Overview Demo

Mend.io solves the toughest problems in application security for the largest and most demanding organizations in the world, and we do it with automation. Mend.io was the first application security vendor to provide automated remediation workflows for both open source and custom code. We have centered our product strategy on providing industry-leading prioritization of application security threats for both OSS and custom code, integrating automated dependency health to reduce the attack surface and ensuring fast and limitless scale to onboard developers and applications.

SBOMs: A Roadmap for a Secure Software Journey

Software supply chain threats and increasing regulatory pressures make supply chain security a top priority for software organizations. While building secure applications is a must for any organization, the path to creating secure software is anything but clear. Software bills of materials (SBOMs) have emerged as an essential tool and a roadmap for organizations on their secure software journey.

The New Era of AI-Powered Application Security. Part Three: How Can Application Security Cope With The Challenges Posed by AI?

This is the third part of a blog series on AI-powered application security. Following the first two parts that presented concerns associated with AI technology, this part covers suggested approaches to cope with AI concerns and challenges. In my previous blog posts, I presented major implications of AI use on application security, and examined why a new approach to application security may be required to cope with these challenges.

Avoiding pitfalls when integrating AppSec for DevOps

Avoiding common integration pitfalls that set your organization back is critical. In today’s fast-paced software development landscape, DevOps has become the go-to approach for organizations looking to accelerate their application delivery. However, ensuring the security of applications in a DevOps environment is no small feat.

Strange Bedfellows: Software, Security and the Law

The ongoing rise in cyberattacks across the software supply chain and a shifting regulatory landscape are forging an unlikely alliance between CISOs, software leaders and legal experts. Privacy, the shifting and diverse regulatory landscape, liability and new AI/ML use cases all present unique challenges and opportunities for risk management, but to best navigate these challenges, legal teams must be involved, too. Why? Because today, software vulnerabilities can represent not just a business risk but a legal risk.

Two Birds, One Stone: Shrinking Security Debt and Attack Surfaces

Cybersecurity teams and developers continually struggle to reconcile what can seem like two competing priorities: delivering new capabilities and addressing existing security technical debt. But what if they can do both at the same time? Forward-leaning AppSec programs are finding smart ways to reduce security debt by instituting a strategic approach to managing security vulnerabilities. This approach starts by reducing the attack surface early on and throughout development.

Malicious Package Trend Analysis

It might seem obvious that regularly upgrading software and dependencies means your software is inherently more secure, but in practice, this is hard to achieve. Choice Hotels struggled to manually maintain their codebase and remediate all the transitive vulnerabilities lurking in the code. Today’s compositional applications created a complex archeological exploration challenge for developers trying to resolve security issues across a codebase. It was time-consuming, tedious, and imperfect.

Why is Software Vulnerability Patching Crucial for Your Software and Application Security?

Software vulnerability patching plays a critical role in safeguarding your code base, software, applications, computer systems, and networks against potential threats, and in ensuring they’re compliant and optimized for efficiency. Organizations’ codebases have become increasingly complex, involving sophisticated relationships between components and their dependencies.

Secure Features, Sales Soar | A CPO's Take on Application Security | Marcelino M. (CPO, Stream)

In this episode, Marcelino Moreno (CPO, Stream) shares with Venkatesh (Venky) Sundar how product managers can contribute to an organization's growth by baking in security into the product roadmap. He also shares how a product manager can influence engineering teams to prioritize vulnerability patching along with building features to ensure that the customers use a secure product. Key highlights from the discussion.

Choosing the Right Managed Application Security Provider: A Guide

Imagine, if you will, that you are the esteemed ruler of a vast digital dominion, and your applications are the lifeblood of your realm. Yet, in the boundless expanse of cyberspace, there lurk dragons of the most fearsome kind—cyber threats, data breaches, and hackers. You require a champion, a Managed Application Security Provider (MASP), to safeguard your kingdom. But how, pray tell, does one select the right one?

LLMs Need Security Too

In this episode Jb and Izar are joined by David Haber, CEO of Lakera, who focuses on securing LLMs and their use. We explore topics like prompt injection and its impact on security, safety and trust, and we look at the Gandalf experiment run by Lakera. We touch on the recently drafted OWASP Top 10 for LLM project, and have a great discussion on what LLMs are really doing and their potential as tools and targets.

AppSec integrations enable a more secure SDLC

AppSec integrations can help keep development secure at the speed your business requires. Whether you’re building software, selling it, or using it to run your business, in today’s fully digitized environment, every business is, necessarily, a software business. And to keep your business running at the speed today’s competitive environment requires, you increasingly depend on technology.

Consolidation: The wave of the (AST) future

Reducing complexity and providing insight into software risk, consolidation is the wave of the application security testing future. As the convergence of economic and practical factors increases pressure on organizations to streamline their application security (AppSec) initiatives, consolidation is emerging as a practical solution.

The new era of Application Security: Security Building Blocks for Developers

With the proliferation of data breaches and cyber-attacks, developers must take a proactive approach to security. BoxyHQ's Security Building Blocks for Developers are designed to help developers build and deploy secure applications with minimal effort and expertise. In addition to their core products, security teams are finding it hard to keep pace with the new no-code and low-code apps being created in the company.

This Month in Datadog: ASM protection features, Remote Configuration, Workflow Automation, and more

Datadog is constantly elevating the approach to cloud monitoring and security. This Month in Datadog updates you on our newest product features, announcements, resources, and events. This month, we put the Spotlight on Application Security Management’s protection capabilities.

Container Security Fundamentals - Linux Namespaces (Part 2): The PID Namespace

In this video we continue our examination of Linux namespaces by looking at some details of how the PID namespace can be used to isolate a container’s view of processes running on the host, and how this feature can be used for troubleshooting container problems. To learn more read our blog on Datadog’s Security Labs site.
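The troubleshooting use of the PID namespace mentioned above, as an added example that is not Datadog's code or the video's material. From the host, a container's process shows up under a host PID, while `ps` inside the container shows a different, namespace-local PID; `/proc/<pid>/status` carries an `NSpid:` line (Linux 4.1 and later) listing the PID in every namespace the process belongs to, outermost first, and `/proc/<pid>/ns/pid` is a symlink whose target names the namespace. The script below maps between those views and, when util-linux `unshare` is available, spawns a throwaway PID namespace to show the isolated process view. Assumptions: Linux with procfs; reading other users' `/proc` entries needs the usual privileges; the function names are mine.

```python
"""Inspect Linux PID namespaces from the host via procfs.

Added example (not Datadog's code). Maps a host PID to the PID a container sees,
tells whether two processes share a PID namespace, and optionally demonstrates an
isolated process view with util-linux `unshare`. Linux only.
"""
import os
import shutil
import subprocess


def nspid(pid):
    """PIDs of `pid` in each nested PID namespace, outermost first.

    The leftmost entry is relative to the namespace in which this /proc was
    mounted (the host's, when run on the host); a process living directly in
    that namespace yields a one-element list, a containerised process yields
    [host_pid, ..., pid_inside_container].
    """
    with open(f"/proc/{pid}/status") as f:
        for line in f:
            if line.startswith("NSpid:"):
                return [int(x) for x in line.split()[1:]]
    raise RuntimeError("kernel does not expose NSpid (needs Linux >= 4.1)")


def container_pid(host_pid):
    """PID that `host_pid` has in its innermost namespace (what `ps` in the container prints)."""
    return nspid(host_pid)[-1]


def pid_namespace(pid):
    """Opaque identity of the PID namespace `pid` lives in, e.g. 'pid:[4026531836]'."""
    return os.readlink(f"/proc/{pid}/ns/pid")


def same_pid_namespace(pid_a, pid_b):
    """True when both processes see the same PID numbering."""
    return pid_namespace(pid_a) == pid_namespace(pid_b)


def is_containerised(pid):
    """True when `pid` sits in a PID namespace nested below the one this /proc was mounted in."""
    return len(nspid(pid)) > 1


def describe(pid=None):
    """Summary of a process's namespace situation (default: this process)."""
    pid = os.getpid() if pid is None else pid
    return {"pid": pid, "nspid": nspid(pid), "ns": pid_namespace(pid),
            "containerised": is_containerised(pid)}


def demo_isolated_view():
    """Run `ps` inside a fresh, unprivileged PID namespace (via a user namespace).

    Inside it, `ps` lists only the shell as PID 1 and itself: the rest of the
    host's processes are invisible. Returns the captured listing, or None when
    unshare is missing or the kernel forbids unprivileged user namespaces.
    """
    if shutil.which("unshare") is None:
        return None
    cmd = ["unshare", "--user", "--map-root-user", "--pid", "--fork",
           "--mount", "--mount-proc", "sh", "-c", "ps -o pid,comm"]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.stdout if proc.returncode == 0 else None


if __name__ == "__main__":
    print("this process:", describe())
    listing = demo_isolated_view()
    print(listing if listing is not None else "unshare demo unavailable here")
```

To find which container a suspicious host PID belongs to, compare `pid_namespace(pid)` across PIDs: every process in one container shares the same `pid:[...]` target, and `container_pid(pid)` gives the number you would pass to tools run inside that container.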