Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Cloud Unfiltered with Carlos Santana - The World of Kubernetes and Platform Engineering - Episode 17

Jun 24, 2024 By Panoptica In Panoptica

Welcome to another edition of Cloud Unfiltered! In this episode, your host Michael Chenetz dives deep into the world of Kubernetes and platform engineering with special guest Carlos Santana, a specialist solutions architect at AWS. In this episode, we discuss: Outshift is Cisco’s incubation engine, innovating what's next and new for Cisco products and sharing our expertise on emerging technologies. Discover the latest on cloud native applications, cloud application security, generative AI, quantum networking and security, future-forward tech research, our latest open source projects and more.

View Video

Panoptica

Read more about Cloud Unfiltered with Carlos Santana - The World of Kubernetes and Platform Engineering - Episode 17

Deep Dive into Application Security: Understanding Firewalls, Malware, and APIs

Jun 21, 2024 By Cloudflare In Cloudflare

In this week’s episode, we explore how Cloudflare handles application security, current trends, vulnerabilities, and future expectations. Host João Tomé is joined by Michael Tremante, Director of Product from our Application Security team. We discuss the evolution of application security and its increasing relevance today. We also go into specific use cases, covering firewall security, malware, supply chain risks, and the critical task of monitoring various vulnerabilities, including zero-day threats.

View Video

Cloudflare

Read more about Deep Dive into Application Security: Understanding Firewalls, Malware, and APIs

Mend Renovate - Deprecated Dependencies

Jun 21, 2024 By Mend In Mend

In this short demonstration, find out how Mend Renovate can discover deprecated dependencies in your applications running NPM directly in the repository. In addition, we will show alternative packages where available to keep your applications secure.

View Video

Mend

Read more about Mend Renovate - Deprecated Dependencies

Git SCM affected by CVE-2024-32002

Jun 20, 2024 By Ali Köse In Kondukto

CVE-2024-32002 was published on May 15, 2024 and is affecting versions of Git SCM. The vulnerability exploits a bug where Git can be fooled into writing files into a.git/ directory instead of a submodule's worktree. To fully mitigate this vulnerability additional steps need to be taken beyond updates.

Read Post

Kondukto

Read more about Git SCM affected by CVE-2024-32002

Cloud Unfiltered with Michael Levan - Serverless Kubernetes - Episode 16

Jun 19, 2024 By Panoptica In Panoptica

Michael Levan discusses the future of Kubernetes and whether Serverless is the next evolution. Outshift is Cisco’s incubation engine, innovating what's next and new for Cisco products and sharing our expertise on emerging technologies. Discover the latest on cloud native applications, cloud application security, generative AI, quantum networking and security, future-forward tech research, our latest open source projects and more.

View Video

Panoptica

Read more about Cloud Unfiltered with Michael Levan - Serverless Kubernetes - Episode 16

Drata Integration - How to Automate Technical Vulnerability Management

Jun 18, 2024 By Roeland Delrue In Aikido

Aikido Security is now live on the Drata Integration marketplace! That’s great news because navigating today’s cybersecurity regulatory landscape is a bit like walking a tightrope in a hurricane. As cyber threats evolve, so do the regulations designed to keep them in check. Businesses now find themselves grappling with a growing list of compliance requirements, each more stringent than the last.

Read Post

Aikido

Read more about Drata Integration - How to Automate Technical Vulnerability Management

Why "vulnerability management" falls short in modern application security

Jun 13, 2024 By Daniel Berman In Snyk

Faced with the growing complexity of software development environments, combined with expanding cyber threats and regulatory requirements, AppSec teams find themselves grappling with a daunting array of challenges. While the advent and subsequent adoption of "shift left" methodologies marks a significant and necessary step forward, it is now evident that this approach requires an accompanying mindset shift.

Read Post

Snyk

Read more about Why "vulnerability management" falls short in modern application security

ImmuniWeb Neuron | Premium Web Application Security Scanning

Jun 13, 2024 By ImmuniWeb In ImmuniWeb

ImmuniWeb Neuron unleashes the power of Machine Learning and AI to take automated web vulnerability scanning to the next level. While detecting more vulnerabilities compared to traditional web scanners, every web vulnerability scan by Neuron is equipped with a contractual zero false-positives SLA.

View Video

ImmuniWeb

Read more about ImmuniWeb Neuron | Premium Web Application Security Scanning

Navigating the Stages of AppSec Maturity: A Tactical Guide for Risk Management

Jun 13, 2024 By Chris Wysopal In Veracode

In the rapidly evolving digital landscape, the maturity of an organization's Application Security (AppSec) program is not just beneficial; it's imperative for resilience at scale and reducing security debt accumulation. Since software is increasingly central to business operations, the need for robust AppSec programs has never been more critical. Here’s a guide to understanding the various stages of AppSec maturity and how to evolve through them for effective risk management.

Read Post

Veracode

Read more about Navigating the Stages of AppSec Maturity: A Tactical Guide for Risk Management

DIY guide: 'Build vs buy' your OSS code scanning and app security toolkit

Jun 11, 2024 By Joel Hans In Aikido

You’re confident in your development chops—confident enough to know the apps you’ve built aren’t completely free of security and configuration flaws. You’ve also researched the deep ecosystem of scanning tools available and perhaps got overwhelmed by the sheer volume of choice. What’s the right “portfolio” of open-source app security tools to identify vulnerabilities in your dependencies, Infrastructure as Code (IaC) configurations, containers, and more?

Read Post