Application Security

The latest news and information on application security, including monitoring, testing, and open source.

How to Protect Your Business From API Data Leaks

Application Programming Interfaces (APIs) are rapidly becoming the primary attack vector for cloud native applications. In fact, according to one study, 92% of organizations have already experienced a security incident resulting from insecure APIs. This is because loosely coupled microservices predominantly intercommunicate via APIs. In this video, we will analyze a ‘ripped from the headlines’ case-study example of data leakage via insecure APIs. Then we will examine various API vulnerabilities that can be exploited by attackers to enable data leaks, including Broken User Authentication (BUA), Broken Object Level Authentication (BOLA), and Broken Function-Level Authentication (BFLA).

Cloud Unfiltered with Sathish Balakrishnan - Exploring the Future of AI and Automation - Episode 12

Join host Michael Chenetz on this enlightening episode of Cloud Unfiltered as we dive deep into the realms of AI and automation with special guest Sathish Balakrishnan from Red Hat. Sathish, who leads the Ansible Automation Platform business, shares his valuable insights on how AI is enhancing automation technologies and the critical role of automation in leveraging AI effectively across industries.

Scaling DevSecOps with Dynamic Application Security Testing (DAST)

In the swiftly evolving landscape of AI-driven software development, DevSecOps helps strengthen application security and quality. Dynamic Application Security Testing (DAST) is a key tool that helps scale your DevSecOps program by facilitating continuous and accurate security tests on running applications. DAST simulates real-world attacks, enabling you to identify security weaknesses and evaluate your application's defenses in response to actual attacks.

AppSec spring cleaning checklist

Something about the springtime sunshine and blooming flowers inspires many of us to start cleaning. For some, it might be tackling the backyard shed that accumulated cobwebs over the winter or that overflowing junk drawer in the corner of the kitchen. As you survey your home and yard and decide where to start cleaning, it’s also a great time to look at your application security program and see if any of your existing processes need some tidying up. Here are a few great places to start.

Google Cloud affected by CVE-2021-30476

CVE-2021-30476 affects HashiCorp's Terraform Vault Provider and involves incorrect configuration of bound labels for GCP (Google Cloud Platform) authentication. This issue permits unauthorized users to potentially bypass authentication mechanisms. The vulnerability stems from the Vault provider not correctly configuring the bound labels within the GCP authentication method, which could lead to improper access control.

The Application Security Assessment Checklist for Cloud Native Environments

A cloud-based application security assessment (or ASA) is a systematic evaluation to identify vulnerabilities and improve security in cloud applications. It aims to ensure the application’s structural, design, and operational integrity against all cyber threats. A staggering 82% of data breaches in 2023 involved data stored in the cloud.

kntrl integrates Open Policy Agent

Addressing the security intricacies of sophisticated automation frameworks, in our case the Continuous Integration/Continuous Deployment (CI/CD) environments, is always challenging. The inherent complexity of such environments, characterized by the multitude of components that are each performing distinct tasks, necessitates a dynamic and adaptable rule engine to ensure the security of our pipelines.

Outshift by Cisco | An Era of GenAI & Human Collaboration

AI is the key to unlocking the untapped potential within your organization. At Outshift, we invest in the future of GenAI, not as a tool that replaces human effort but as a transformative force that amplifies the creativity and ingenuity of people across your enterprise. We invite you to reimagine the role of GenAI in business. Think of it as a tool for connection, adaptation, and creativity: a tool with unprecedented efficiency and impact.

Accelerating AppSec with Mend.io and Sysdig

Today at RSA Conference 2024, Mend.io and Sysdig unveiled a joint solution targeted at helping developers, DevOps, and security teams accelerate secure software delivery from development to deployment. The integration incorporates the exchange of runtime insights and application ownership context between Sysdig Secure and Mend Container to provide users with superior, end-to-end, and risk-based vulnerability prioritization and remediation across development and production environments.