When it comes to applications and software, the key word is ‘more.’ Driven by the needs of a digital economy, businesses depend more and more on applications for everything from simplifying business operations to creating innovative new revenue opportunities. Cloud-native application development adds even more fuel to the fire. However, that word works both ways: Those applications are often more complex and use open-source code that contains more vulnerabilities than ever before.

DevSecOps best practices are increasingly being adopted to secure software supply chains. The challenge is finding ways to optimize these processes. Here are seven key considerations to help you adopt a successful and secure DevSecOps methodology.

Our threat research team recently uncovered new npm packages that are used to download a new info-stealer variant that uses the popular Electron framework to disguise itself as a legitimate application. In this blog post, we’ll analyze the attack flow of this new info-stealer we detected and explain how it can stay undetected by abusing trusted development tools like Electron.

As modern software becomes increasingly cloud-based and containerized, application security tools must adapt to meet new challenges and provide security coverage across the software development lifecycle (SDLC). The use of container platforms like Docker and orchestration tools like Kubernetes inherently solves some security concerns – but containers are not without risk, and can even inject some new risks into your organization’s software.

Static application security testing (SAST) is a crucial component of any software and application security strategy, and as such, a SAST tool should form a valuable part of your security stack. But when you’re choosing which SAST tool to buy and implement, what are the key factors you should consider?

Brandjacking refers to the malicious act of using a brand’s identity to deceive or defraud customers. It usually involves impersonating a reputable brand to gain unauthorized access to sensitive information or exploit the trust associated with the brand. Attackers often leverage the reputation of well-known brands using social engineering techniques, phishing emails, fake websites, and malicious packages in open source repositories.

Typosquatting represents a significant threat to cybersecurity. But what exactly is it? How does it work? What threats does it pose to your cybersecurity? How can you prevent these threats and how can you deploy application security against them?

This is the third part of a blog series on AI-powered application security. Following the first two parts that presented concerns associated with AI technology, this part covers suggested approaches to cope with AI concerns and challenges. In my previous blog posts, I presented major implications of AI use on application security, and examined why a new approach to application security may be required to cope with these challenges.

Software vulnerability patching plays a critical role in safeguarding your code base, software, applications, computer systems, and networks against potential threats, and ensuring they’re compliant, and optimized for efficiency. Organizations’ codebases have become increasingly complex, involving sophisticated relationships between components and their dependencies.