Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.

The Shift to the Cloud and its Implications for Application Security

Mar 23, 2023 By Jeff Martin In Mend

Everybody’s doing it: shifting applications to the cloud. More flexibility. More storage. More scalability. But how does this affect application security? What challenges does it present?

Read Post

Mend

Read more about The Shift to the Cloud and its Implications for Application Security

Resolving prioritization issues faced by modern AppSec teams with EASM

Mar 17, 2023 By detectify In Detectify

At Detectify, we proudly maintain an AppSec perspective when it comes to how we handle security. But what does this mean exactly? In short, we think a lot about how both AppSec teams and developers will experience our platform and products. We know that today’s developers are feeling the pressure to get new code out to production to meet the demands of the business. These business demands have increased the need for AppSec tooling to leverage automation whenever possible.

Read Post

Detectify

Read more about Resolving prioritization issues faced by modern AppSec teams with EASM

How to ingest LimaCharlie output into Datadog

Mar 17, 2023 By Christopher Luft In LimaCharlie

Integrating LimaCharlie with Datadog increases visibility for LimaCharlie users. In this article, we will look at two ways you can configure the integration to help security teams streamline workflows.

Read Post

LimaCharlie

Read more about How to ingest LimaCharlie output into Datadog

The Five Key Principles of Modern Application Security

Mar 14, 2023 By Chris Lindsey In Mend

I recently had the pleasure of joining Marina Novikova, partner solutions architect from AWS in a webinar to discuss the key principles for building modern application security programs. We explored the big issues facing AppSec today, and why many companies are taking a new approach. As the world becomes increasingly application-driven, security can no longer be simply a box-ticking exercise for compliance purposes. It must do much more to ensure that software is delivered safely.

Read Post

Mend

Read more about The Five Key Principles of Modern Application Security

DevSecOps uses policy to take the pressure off testing

Mar 13, 2023 By Charlotte Freeman In Synopsys

Application Security Orchestration and Correlation uses processes and automation to help accelerate vulnerability testing and mitigation. In 2022, Synopsys commissioned the SANS Institute to investigate how firms are aligning their development, security, and operations teams with the organizational values, practices, and tools that compose the secure DevOps, or DevSecOps, approach.

Read Post

Synopsys

Read more about DevSecOps uses policy to take the pressure off testing

Mitigating path traversal vulns in Java with Snyk Code

Mar 6, 2023 By Brian Vermeer In Snyk

Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data.

Read Post

Snyk

Read more about Mitigating path traversal vulns in Java with Snyk Code

Install the Veracode IntelliJ Plugin

Mar 6, 2023 By Veracode In Veracode

In this video, you will learn how to install the Veracode IntelliJ Plugin, generate API ID and key credentials in the Veracode platform, and store those credentials in IntelliJ. The Veracode IntelliJ Plugin enables you to upload binaries to the Veracode Platform for static security analysis. You can then review the scan results from within IntelliJ IDEA to identify and mitigate potential security findings in your applications.

View Video

Veracode

Read more about Install the Veracode IntelliJ Plugin

Will Biden's National Cybersecurity Strategy Trigger AppSec Change?

Mar 3, 2023 By Rami Sass In Mend

Every federal administration for the past 20 years has issued a cybersecurity strategy, so in one sense the National Cybersecurity Strategy issued by the Biden administration on March 2, 2023 is not unexpected. The big difference, however, lies in the recommendations: For the first time, the government is pressing for regulatory mandates on key industry sectors that control wide swathes of critical infrastructure nationwide.

Read Post

Mend

Read more about Will Biden's National Cybersecurity Strategy Trigger AppSec Change?

Just Who Exactly Should Take Responsibility for Application Security?

Mar 2, 2023 By Carol Hildebrand In Mend

Recent high-profile software supply chain breaches have sharpened the focus on application security. But as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce the number of vulnerabilities that now routinely make it into production applications. However, real life is a little messier.

Read Post

Mend

Read more about Just Who Exactly Should Take Responsibility for Application Security?

Instantly scalable dynamic application security testing

Mar 1, 2023 By Vishrut Iyengar In Synopsys

Reduce complexity, increase scalability, and improve cost-efficiency while providing absolute coverage with DAST solution WhiteHat Dynamic. Despite the proliferation of application security testing (AST) tools in use today, most organizations knowingly or unknowingly push vulnerable code to production.

Read Post