Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Cisco Research GenAI Security Summit

Nov 15, 2024 By Panoptica In Panoptica

Cisco Research hosted a virtual summit on GenAI security, bringing together researchers to explore GenAI security challenges. The summit includes presentations from university professors and students collaborating with the Cisco Research team, including Tianlong Chen (University of North Carolina-Chapel Hill), Ruoxi Jia (Virginia Tech), Xialoin Xu (Northeastern University), and Xun Xian (University of Minnesota).

View Video

Panoptica

Read more about Cisco Research GenAI Security Summit

Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools

Nov 15, 2024 By Mackenzie Jackson In Aikido

When deciding what approach to use for security tooling, it seems like there are two choices. Like everything in security, there is more to unpack in reality. In this article I want to explore when open-source security tools should be used, when commercial tools are more effective, and if we can trust tools built from an open-source core.

Read Post

Aikido

Read more about Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools

Breaking Down Jit's New Approach to ASPM

Nov 14, 2024 By Jit In Jit

Application Security Posture Management (ASPM) emerged to address gaps in traditional application and cloud security scanners – like SAST, SCA, secrets detection, IaC scanning, CSPM, and many others – that generate noisy alerts and silo security insights across various tools. By providing a consolidated view of product security risks that are prioritized according to their business and runtime context, ASPM helps security teams understand which issues truly matter.

Read Post

Jit

Read more about Breaking Down Jit's New Approach to ASPM

Introducing Veracode Risk Manager: A New Chapter in ASPM Built for Scale

Nov 13, 2024 By Derek Maki In Veracode

In a digital world that’s evolving faster than ever, industry landscapes are shifting, and customer needs are becoming more complex. At Veracode, we recognize these fundamental changes in the application security space. That’s why Veracode strategically acquired Longbow Security, now rebranded as Veracode Risk Manager.

Read Post

Veracode

Read more about Introducing Veracode Risk Manager: A New Chapter in ASPM Built for Scale

Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

Nov 13, 2024 By Wallarm In Wallarm

There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast attack surface that’s challenging to defend with traditional methods alone.

Read Post

Wallarm

Read more about Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

How ASPM boosts visibility to manage application risk

Nov 12, 2024 By Daniel Berman In Snyk

How often are you surprised by a threat or vulnerability from a software asset you never knew existed? For many companies, the answer is, “More often than we’d like.” This is because you can’t protect what you can’t see. Full visibility across the entire software supply chain is a must for AppSec teams, but this comprehensive view across the attack surface can be elusive.

Read Post

Snyk

Read more about How ASPM boosts visibility to manage application risk

Secure Python code faster with Code Sight: Real-time issue detection in Visual Studio | Black Duck

Nov 12, 2024 By Synopsys In Synopsys

Join David Bohannan, an R&D engineer at Black Duck, as he demonstrates using Black Duck's IDE plug-in, Code Sight to run static analysis on Python code within Visual Studio. Watch as Code Sight instantly detects vulnerabilities like OS command injection and cross-site request forgery while code is being written, helping developers fix issues early in the software lifecycle. David will demonstrate how leveraging Coverity's Rapid Scanning engine through Code Sight can allow developers to tackle issues such as secret scanning and ensure hardcoded secrets are flagged before they become risks to applications further downstream.

View Video

Synopsys

Read more about Secure Python code faster with Code Sight: Real-time issue detection in Visual Studio | Black Duck

Jit Open ASPM Platform Overview

Nov 12, 2024 By Jit In Jit

In five minutes, explore Jit's core product capabilities to empower developers to secure everything they code and unify product security risk mitigation.

View Video

Jit

Read more about Jit Open ASPM Platform Overview

The State of SQL Injection

Nov 11, 2024 By Mackenzie Jackson In Aikido

SQL injection (SQLi) has a history that is older than Internet Explorer (which according to Gen Z was the start of civilization). There have been thousands of breaches caused by SQL injection and an endless amount of well-documented best practices and tools to help prevent it. So surely, surely we learned our lesson from these breaches and SQLi is no longer an issue.

Read Post

Aikido

Read more about The State of SQL Injection

OWASP Top 10 LLM is Dead: Here's Why

Nov 11, 2024 By Mend In Mend

The OWASP Top 10 for LLMs is getting an update! But is v2 going to be significantly different from v1? Check out Bar-El Tayouri's take on what's new in v2 and how it impacts hashtag#GenAI security.

View Video