Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

Securing the Software Supply Chain: Key Findings From the Mend Open Source Risk Report

Open source vulnerabilities are in permanent growth mode. A significant quarterly increase in the number of malicious packages published to registries such as npm and RubyGems has shown the growing need to protect against this trending attack. At the same time, companies struggle to close the remediation gap on known vulnerable open source code. It’s all in The Mend Open Source Risk Report, which details these and other significant risks posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.

Operationalizing DevSecOps Roundtable

DevSecOps best practices are increasingly being adopted to better secure software supply chains. The challenge, though, is finding ways to operationalize these processes so they’re seamless and development and deployment don’t slow down. Join Shiri Arad Ivtsan, Senior Director of Product Management – Mend.io, in this editorial roundtable as these experts explore the challenges DevOps teams and developers face in operationalizing security into their workflows and processes, what’s taking so long to do so and how AI and automation can help.

Malicious Packages Special Report - Attacks Move Beyond Vulnerabilities

Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code are a growing threat, and they may have unknowingly infiltrated your applications.

Weaponizing the Utility of Jenkins Script Consoles

Jenkins misconfigurations can have far-reaching consequences; Cisco Panoptica’s attack surface scanner can detect such misconfigurations. Jenkins is a widely used tool for continuous integration and continuous delivery and deployment (CI/CD). It allows enterprise developers to automate application delivery easily, either through an enterprise-hosted or a third-party hosted Jenkins service.

Release with Trust or Die: Key swampUP 2023 Announcements

Every year, JFrog brings the DevOps community and some of the world’s leading corporations together for the annual swampUP conference, aimed at providing real solutions to developers and development teams in practical ways to prepare us all for what’s coming next.

Software risk as business risk: The importance of building trusted software | Synopsys

Join us at the Synopsys User Conference 2023 in Bengaluru as we explore the critical link between software risk and business risk. Discover the implications of software vulnerabilities, cybersecurity incidents, and the importance of building trust in your software supply chain. Gain insights into managing business velocity while maintaining secure software development practices. Learn why software security is a top priority in today's rapidly evolving technological landscape and how it impacts your organization's risk management.

Getting Started with Panoptica on AWS using Kubernetes Goat

In this blog you will learn how to easily secure your microservices apps running on an Amazon EKS cluster using Panoptica, Cisco's cloud native application security SaaS service. We use the open source Kubernetes Goat application to see common misconfigurations, real-world vulnerabilities, and security issues in Kubernetes clusters, containers, and cloud native environments.

7 AppSec tips from Snowflake's Director of Product Security

At this year’s AWS re:Invent, Mic McCully, Field CTO at Snyk, spoke with Jacob Salassi, Director of Product Security at Snowflake. They discussed what it looked like for Snowflake to overcome various security challenges with the right combination of processes, company culture shifts, and tool partners (including Snyk!). Read on to learn about the practices Jacob and his team established to create a successful application security program.