Test API specification With the growing footprint of APIs, there is a strong need for secure-by-design APIs. A design blueprint of an API would be a helpful start in determining the security standard of an API. Fortunately, APIs have that blueprint known as an OpenAPI Specification. API Specifications play a crucial role in ensuring the security and functionality of APIs.

The days where applications were monoliths built of proprietary code, and releases were set quarterly are no more. Instead, they have been replaced by fast paced development sprints, with software created using plenty of code from open-source repositories. The growing complexities of software development and the associated risks have far exceeded the abilities of traditional application security.

CI/CD pipelines are formed by a series of steps that automate the process of software delivery. They integrate the practices of Continuous Integration (CI) and Continuous Delivery (CD) along with the tools, platforms, and repositories that enable them. Their goal is to simplify, streamline and automate large parts of the software development process.

Picture a domino effect in the business world: one weak link in a supply chain triggers a cascade of disruptions. This is the reality of supply chain attacks, where a minor breach can escalate into a major crisis. It underscores the urgent need for robust security across the whole supply chain. Supply chain attacks represent a sophisticated threat to organizations, often involving multiple stages of exploitation.

Mobile Security Framework (MobSF), launched by OWASP in 2015, is a partially automated, open-source, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic, and malware analysis. MobSF is one of the most widely used security applications where the testing framework - a simple, flexible, and incredibly powerful tool has quickly become the lingua franca of security. The flexibility and accessibility of the tool are helpful but also dangerous.

CVE-2022-39327 is a code injection vulnerability that affects the command-line interface for Microsoft Azure (Azure CLI). The vulnerability allows an attacker to execute arbitrary commands on a Windows machine that runs an Azure CLI command with untrusted parameter values. The vulnerability was discovered by GitHub Security Lab and reported to Microsoft on October 7, 2022. Microsoft released a patch for the vulnerability on October 25, 2022, in version 2.40.0 of the Azure CLI.

Businesses have come a long way in their individual journeys to digital transformation, all to enhance their customer and workforce experiences. This shift elevated the importance of both Application Security (AppSec) and Cloud Security (CloudSec) in safeguarding digital assets and ensuring infrastructure resilience.

A few years ago, REI embarked on its digital transformation and cloud migration journey, moving on-prem development environments to AWS. But, as REI’s development teams began this transition, their security counterparts noticed that application security just wasn’t keeping up. As a result, REI began another journey: identifying the right security tooling and cultural shifts for AppSec success.

Most security tools waste developers’ time. We’re on a mission to fix this. Application Developers aren't paid to care about security. Their performance is measured by the speed at which they can add value to the business through new features or enhancements. This makes traditional security tools a hindrance as they're not built for developers — plus, they're not designed to be helpful.