%term

The latest News and Information on Application Security including monitoring, testing, and open source.

Why securing cloud-native applications goes beyond AppSec?

Feb 2, 2025 By Amit Schendel In ARMO

In today’s landscape of microservices, Kubernetes, and cloud environments, attacks can come from multiple vectors, with varying degrees of complexity. Understanding these vectors and how to detect them is crucial for securing your infrastructure and applications. This post will explore various attack scenarios including SQL Injection and Cluster Takeover, structured around the 4 Cs of cloud security: Cloud, Cluster (Kubernetes), Container (workload), and Code (application).

Read Post

ARMO

Read more about Why securing cloud-native applications goes beyond AppSec?

Adaptive application security for the AI era

Jan 31, 2025 By Veracode In Veracode

View Video

Veracode

Read more about Adaptive application security for the AI era

Static Application Security Testing (SAST): What You Need to Know

Jan 24, 2025 By Jit In Jit

Modern software applications operate within increasingly complex ecosystems, spanning multiple layers of the stack—from the user interface and application logic to APIs, databases, and third-party dependencies. Each layer introduces unique vulnerabilities, often requiring specialized domain expertise to identify and mitigate.

Read Post

Jit

Read more about Static Application Security Testing (SAST): What You Need to Know

Launching Opengrep | Why we forked Semgrep

Jan 23, 2025 By Mackenzie Jackson In Aikido

Last month, Semgrep announced major changes to its OSS project—strategically timed for a Friday, of course ;) Since 2017, Semgrep has been a cornerstone of the open-source security community, offering a code analysis engine and rule repository alongside its SaaS product. But their recent moves raise the question: what does “open” really mean?

Read Post

Aikido

Read more about Launching Opengrep | Why we forked Semgrep

Building Trust in Cybersecurity: Insights from Veteran CISO Rob Wood | Secrets of AppSec Champions

Jan 21, 2025 By Mend In Mend

Trust is the invisible currency of business, and it's built in drops but lost in buckets. As security professionals, we often focus on competence - having the right controls, frameworks, and processes in place. But competence alone isn't enough when things go wrong. When a security incident happens, your customers' trust in you hangs in the balance. They're scared, frustrated, and looking for leadership. This is where benevolence and integrity become crucial.

View Video

Mend

Read more about Building Trust in Cybersecurity: Insights from Veteran CISO Rob Wood | Secrets of AppSec Champions

How Ping Identity Automated Security & Cut Scanning Time from Weeks to Minutes with Mend.io

Jan 20, 2025 By Mend In Mend

Join Bruno Lavit, Risk Manager at Ping Identity, as he shares how they transformed their application security process using Mend IO. Learn how Ping Identity went from time-consuming manual security scans to fully automated CI/CD pipeline integration, reducing scanning time from weeks to minutes. Ping Identity improved their security posture while accelerating software development. Perfect for AppSec managers, CSOs, and risk managers looking to enhance their security automation.

View Video

Mend

Read more about How Ping Identity Automated Security & Cut Scanning Time from Weeks to Minutes with Mend.io

Your Client Requires NIS2 Vulnerability Patching. Now What?

Jan 14, 2025 By Mackenzie Jackson In Aikido

TL;DR: The new EU cybersecurity directive, NIS2, is already reshaping how software suppliers do business through stricter vulnerability management requirements in procurement contracts. This shift is gaining momentum, and more companies will need to adapt. Aikido helps automate compliance reporting and vulnerability tracking to meet these new demands. Start your free compliance journey here, or read on to understand what this means for your business.

Read Post

Aikido

Read more about Your Client Requires NIS2 Vulnerability Patching. Now What?

Kubernetes Security Fundamentals: Authentication - Part 3

Jan 14, 2025 By Datadog In Datadog

In this video we’ll continue looking at how Kubernetes handles authentication with a look at service account token authentication.

View Video

Datadog

Read more about Kubernetes Security Fundamentals: Authentication - Part 3

How Yahoo Scaled Application Security & Saved Millions with Mend.io

Jan 14, 2025 By Mend In Mend

Join Chris Madden, Distinguished Technical Security Engineer at Yahoo, as he shares how Yahoo scaled its application security program with Mend.io. In this insightful video, Chris details the challenges Yahoo faced in managing open source security and compliance risks, and how Mend.io's AppSec platform helped them: Discover how Mend.io enabled Yahoo to address critical vulnerabilities like Log4Shell, codify security policies, and achieve quantifiable benefits across their organization. If you're looking to improve your AppSec posture, especially at enterprise scale, this video is a must-watch!

View Video

Mend

Read more about How Yahoo Scaled Application Security & Saved Millions with Mend.io

Top 10 Software Composition Analysis (SCA) tools in 2025

Jan 9, 2025 By Madeline Lawrence In Aikido

85% of the code that we use doesn’t come from our own code, it comes from our open-source components and dependencies. This means attackers can know your code better than you do! SCA tools are our best line of defense to keep our open-source supply chain secure. Software Composition Analysis (SCA) tools, also known as open-source dependency scanning, help us understand the risks we have in our open-source supply chain.

Read Post