Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

How to Protect Your Cloud Assets from Being Cryptojacked

Cryptojacking attacks have become the most prevalent type of attack on cloud native infrastructures. For example, in 2022, there were 139M cryptojacking attacks, but the following year there were over 1 billion! That translates to nearly 3M cryptojacking attacks every day, on average in 2023.

How to Protect Your Business From API Data Leaks

Application Programming Interfaces (APIs) are rapidly becoming the primary attack vector for cloud native applications. In fact, according to one study, 92% of organizations have already experienced a security incident resulting from insecure APIs. This is because loosely coupled microservices predominantly intercommunicate via APIs. In this video, we will analyze a ‘ripped from the headlines’ case-study example of data leakage via insecure APIs. Then we will examine various API vulnerabilities that can be exploited by attackers to enable data leaks, including Broken User Authentication (BUA), Broken Object Level Authentication (BOLA), and Broken Function-Level Authentication (BFLA).

Cloud Unfiltered with Sathish Balakrishnan - Exploring the Future of AI and Automation - Episode 12

Join host Michael Chenetz on this enlightening episode of Cloud Unfiltered as we dive deep into the realms of AI and automation with special guest Sathish Balakrishnan from Red Hat. Sathish, who leads the Ansible Automation Platform business, shares his valuable insights on how AI is enhancing automation technologies and the critical role of automation in leveraging AI effectively across industries.

Scaling DevSecOps with Dynamic Application Security Testing (DAST)

In the swiftly evolving landscape of AI-driven software development, DevSecOps helps strengthen application security and quality. Dynamic Application Security Testing (DAST) is a key tool that helps scale your DevSecOps program by facilitating continuous and accurate security tests on running applications. DAST simulates real-world attacks, enabling you to identify security weaknesses and evaluate your application's defenses in response to actual attacks.

AppSec spring cleaning checklist

Something about the springtime sunshine and blooming flowers inspires many of us to start cleaning. For some, it might be tackling the backyard shed that accumulated cobwebs over the winter or that overflowing junk drawer in the corner of the kitchen. As you survey your home and yard and decide where to start cleaning, it’s also a great time to look at your application security program and see if any of your existing processes need some tidying up. Here are a few great places to start.

Google Cloud affected by CVE-2021-30476

CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control.

The Application Security Assessment Checklist for Cloud Native Environments

A cloud-based application security assessment (or ASA) is a systematic evaluation to identify vulnerabilities and improve security in cloud applications. It aims to ensure the application’s structural, design, and operational integrity against all cyber threats. A staggering 82% of data breaches in 2023 involved data stored in the cloud.

kntrl integrates Open Policy Agent

Addressing the security intricacies of sophisticated automation frameworks, in our case the Continuous Integration/Continuous Deployment (CI/CD) environments, is always challenging. The inherent complexity of such environments, characterized by the multitude of components that are each performing distinct tasks, necessitates a dynamic and adaptable rule engine to ensure the security of our pipelines.

Outshift by Cisco | An Era of GenAI & Human Collaboration

AI is the key to unlocking the untapped potential within your organization. At Outshift, we invest in the future of GenAI, not as a tool that replaces human effort but as a transformative force that amplifies the creativity and ingenuity of people across your enterprise. We invite you to reimagine the role of GenAI in business. Thinking of it as a tool for connection, adaptation, and creativity - a tool with unprecedented efficiency and impact.