The latest news and information on application security, including monitoring, testing, and open source.

How Modern AppSec Teams Stay Audit-Ready Without Slowing Delivery

Compliance once followed a schedule. Teams prepared evidence near audit windows, ran tests in batches, and treated documentation as something assembled outside the development lifecycle. That approach no longer holds when releases ship continuously. Every commit, dependency update, and configuration change reshapes exposure and alters what evidence must exist.

IDOR Vulnerabilities Explained: Why They Persist in Modern Applications

Insecure Direct Object References, commonly referred to as IDORs, remain one of the most common and damaging classes of application vulnerabilities. Despite being well documented and widely understood at a conceptual level, they continue to appear in real production systems, particularly in modern, API-driven applications.

Why Enterprise and Fortune 500 Companies are Leaving Snyk and Checkmarx for JFrog

Effectively protecting your software supply chain has reached a critical turning point where the traditional strategy of patching together “best of breed” or point AppSec solutions is no longer sustainable.

Top 5 Application Security Tools Your Team Needs in 2026

Cyberattacks are growing in frequency and sophistication. Data from the 2024 Verizon Data Breach Investigations Report shows that breaches exploiting application vulnerabilities have increased by 180% in the last year alone. Applications remain a primary target, yet development teams are under constant pressure to innovate and deliver faster. Using disconnected or inadequate application security tools creates security gaps, slows down development pipelines, and ultimately increases business risk.

The Breach You Didn't Expect: Your AppSec Stack

Imagine this. Your phone rings on January 2nd, and it’s your DevSecOps and AppSec groups. A major security vulnerability is exposing your business, and your teams are trying desperately to find and fix it to protect your data. You probably have scars as far back as Log4j, as well as threats from more recent incidents like npm attacks, Glassworm and others ringing in your ears. With CVEs expected to rise by tens of thousands a year, you can envision that the situation will only worsen.

Ep 23: How to bootstrap your AppSec program

On this episode of Masters of Data, Adam sits down with Zoe Hawkins and David Girvin to talk AppSec programs that don't suck. David's hot take from his 1Password and Red Canary days? AppSec is a people problem, not a tooling problem—stop being the person devs dodge at standup. We cover the essentials: build relationships first, threat model based on actual business risk (not your anxiety), and ditch the "shift left" obsession with scanning everything. Instead, start with offensive testing that finds vulnerabilities attackers can actually exploit.

SAST in the IDE is now free: Moving SAST to where development actually happens

We’re making a fundamental change to how teams use SAST. SAST in the IDE is now free. This means developers can run SAST scans directly inside their editor, with real-time feedback and project-wide visibility, using the same analysis engine and SAST rules as Aikido. Detection runs automatically as developers work, without limiting coverage at the detection layer.

We Asked AI Security Experts to Explain Their Work Using Emojis #AISecurity #AI #AppSec

Can you explain AI Security using only emojis? We challenged AI Security professionals to do just that — no words, just symbols. Their creative combos reveal how experts really think about risks, models, and protection in today’s AI-driven world. Each emoji tells a story about securing the systems behind the world’s most powerful models. Subscribe for more creative takes on AppSec, AI Security, and secure development from the Mend.io team.

React & Next.js DoS Vulnerability (CVE-2025-55184): What You Need to Fix After React2Shell

If you upgraded only to address CVE-2025-55182 (React2Shell), you may still be vulnerable. CVE-2025-55184 affects adjacent RSC code paths and can allow attackers to take your app offline, even without gaining code execution. You should ensure you’re running the latest patched React and Next.js versions, including fixes for the follow-up CVE-2025-67779.