The latest news and information on application security, including monitoring, testing, and open source.

The State of SQL Injection

SQL injection (SQLi) has a history that is older than Internet Explorer (which according to Gen Z was the start of civilization). There have been thousands of breaches caused by SQL injection and an endless amount of well-documented best practices and tools to help prevent it. So surely, surely we learned our lesson from these breaches and SQLi is no longer an issue.

The 7 Essential Steps for Ensuring Mobile App Security

Mobile devices now account for more than half of all web traffic, and that number seems poised to increase over the next few years. Between the Apple App Store and Google Play Store, there are already more than 5 million applications available — and not all of them are safe. A smart mobile app security strategy can mitigate some of the threats that come from unauthorized, misconfigured, or malicious software.

Visma's Security Boost with Aikido: A Conversation with Nikolai Brogaard

"Aikido helps us catch the blind spots in our security that we couldn’t fully address with our existing tools. It’s been a game-changer for us beyond just the SCA (Software Composition Analysis) solutions we originally brought them in for." A little while ago, we shared that Visma chose Aikido Security for its portfolio companies. Recently, we had the pleasure of having Nicolai Brogaard, Service Owner of SAST & SCA, over in our Belgian headquarters.

Revolutionizing Risk Management in Application Security

In our hyper-connected reality, software applications are the unsung heroes of business operations. But, let's face it, with great tech comes great vulnerability to cyber shakedowns and data leaks. This begs the question: “Is scanning enough to manage risk?” Organizations are playing a high-stakes game of keeping their apps secure to safeguard their secrets.

Stress, Certification, and Pen Testing: Nathaniel Shere's Journey - Secrets of AppSec Champions

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development, using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

CIS Control 16 Application Software Security

The way in which we interact with applications has changed dramatically over the years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization's application against it to bypass network security controls and compromise sensitive data.