Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2024

Sponsored Post

A Look into Modern Security Orchestration

Have you ever thought there could be a smarter way to handle your organization's app security? In this blog post we're going to provide an overview of modern Security Orchestration, show how it fits perfectly with DevSecOps and how to make sure that security is part of your software development lifecycle right from the start.

Polaris Software Integrity Platform: Automate Any Scan, Anytime, Anywhere, All at Once | Synopsys

Polaris Software Integrity Platform is the first no-compromise cloud-based application security solution that meets the diverse needs of Development, DevOps, and Security teams. Polaris Overview Highlights: Watch this overview to see how Polaris can benefit your organization.

Network Security vs. Application Security: The Complete Guide

Enterprise cybersecurity must constantly evolve to meet the threat posed by new malware variants and increasingly sophisticated hacker tactics, techniques, and procedures. This need drives the way security professionals categorize different technologies and approaches. The difference between network security and application security is an excellent example. These two components of the enterprise IT environment must be treated separately in any modern cybersecurity framework.

Rapid Bulk SCM onboarding made easy with Polaris | Synopsys

It is a constant challenge for modern app and DevOps teams to onboard and scale AppSec testing in today's highly complex and distributed software environment. The ability to automate bulk upload and scanning of an organization's hundreds of repositories is the first step. This video shows how the Polaris integrated application security testing SaaS platform helps: To learn more, visit synopsys.com/polaris.

What is an Application Security Tool? Top 5 App Security Tools

Applications are becoming the gateway for attackers to gain unauthorized access and perform their malicious activities on end-user devices. And when such a thing happens, not only the user but also the software development firm suffers. So, it has now become utterly important to ensure app security with the best-in-class tools available.

Mobile app security testing and development at the speed your business demands

Synopsys recently introduced static application security testing (SAST) support for the Dart programming language and the Flutter application framework to expand our coverage for mobile development teams that are tasked with delivering secure apps on multiple platforms. This builds on our support of more than 20 programming languages and 200 frameworks, and complements our existing Kotlin, Swift, and React Native support with another option for those focused on secure mobile app development.

Beyond SBOMs: The Future of Software Supply Chain Security

The recent executive order requiring SBOMs (Software Bill of Materials) of those supplying software to the federal government has been instrumental in advancing the conversation around software supply chain security – but SBOMs are just the tip of the iceberg, and quite possibly, not even the most interesting or promising part. Cisco distinguished engineer Ed Warnicke and Cisco technical marketing engineer Michael Chenetz were joined by Aeva Black, OmniBor Project – Microsoft, Brandon Lum, Guac and Google, Dan Lorenc, Wolfi/Chainguard, and Cole Kennedy, TestifySec.

Speed vs. Security: New Frameworks for Protecting Cloud Native and Multicloud Environments

Hear the latest thinking on how organizations can balance security and speed. In this session, get insights and advice from our distinguished panel of experts including: Gene Kim, researcher and bestselling author, The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win, Kelsey Hightower, Distinguished Engineer, Google Cloud, and Stephen Augustus, Head of Open Source, Cisco, moderated by Michael Chenetz, Technical Marketing Engineer, Cisco.

Mobile Application Security - From Vulnerabilities to Vigilance

Your mobile apps are your business's face to the world. As an app creator or business owner, credibility is everything, and security is the cornerstone upon which it stands. Now, with the digital ecosystem being highly susceptible to breaches, even a single slip in security can shatter the trust your users have in your brand, tarnishing the hard-earned credibility of your business. This is why mobile app security is key to your business’s growth.

How to Easily Generate An Accurate Software Bill of Materials (SBOM) with Black Duck | Synopsys

Did you know that open source code constitutes up to 95% of the code in your applications? This creates a web of dependencies that can pose security, quality, and compliance risks. Black Duck provides a solution by helping you generate an accurate software bill of materials (SBOM) in minutes, giving you visibility into your software supply chain. Watch the video to streamline your SBOM generation process and take control of your software supply chain.

NIS2: Who is affected?

This is a question we get a lot from our customers. The NIS2 Directive’s wording is not always very explicit. NIS2 is a framework that countries need to implement. Because it’s a Directive and not a Regulation, each EU country has the autonomy to roll it out under their own interpretation. NIS2’s language is broad, making it challenging to get your head around, especially until countries publish their specifics.

3 Critical Steps for Application Security Teams in 2024

Software development practices are rapidly changing, and so are the methods adversaries use to target custom applications. The rise of loosely coupled applications, along with an impressive increase in code deployment speed, has resulted in a growing attack surface with more software architecture and imported dependencies. Application security (AppSec) teams are often outnumbered by software developers and struggle to keep up with frequent code changes.

Create SBOM on Gradle with the CycloneDX Plugin

The Software Bill of Materials (SBOM) has become essential in application security as it provides a comprehensive list of every element within a software build. This is important because vulnerabilities can often emerge in third-party or transitive dependencies, not just in the main code. SBOM is used not only for vulnerability discovery but also to detect and understand open-source license violations in advance.

Understanding Continuous DAST in Production with WhiteHat Dynamic

This video provides an overview of WhiteHat Dynamic's approach to continuous production DAST testing, and its integration with other Synopsys tools for comprehensive security across all development stages. Join us as we walk through the dashboard's executive and peer benchmarking views, examine common vulnerabilities, and delve into the process of identifying and validating issues using a blend of automated and manual testing techniques.

Application Security Challenges and Trends for the Year 2024

Every year, new technologies are released, and with them professionals discover new sets of application vulnerabilities. Some threats and challenges, such as malware and app spoofing, remain constant on the list, but all threats are now more powerful with the advancement of tools. Further, mobile app security challenges are expected to be more rigid in 2024.

The Darkside of GraphQL

GraphQL is a query language for APIs that provides a powerful and efficient way to query and manipulate data. As powerful and versatile as GraphQL is, its downside is that it can be vulnerable to certain security threats. In this presentation, we will discuss the security vulnerabilities associated with GraphQL, from the basics to more advanced threats, and how to best protect against them. After this presentation, attendees will have a better understanding of security vulnerabilities in GraphQL, as well as an understanding of the steps needed to protect against them.

The Future of Cloud Security: Attack Paths and Graph-based Technology

Learn about the power of leveraging graph-based cloud security technology to improve cloud security teams' ability to navigate and assess critical risks in multi-cloud environments. This whitepaper reveals why modern security teams are turning towards graph-based technology to accurately discover and prioritize cloud risks. Understand the nuances, benefits, and the need for a graph-driven approach alongside attack path analysis capabilities, to better secure multi-cloud ecosystems.