Aikido

Ghent, Belgium
2022
  |  By Madeline Lawrence
TL;DR We’ve partnered with SprintoGRC, the full-stack security compliance automation platform, to help companies put security on autopilot. Get compliance done 🤝 get back to building.
  |  By Mackenzie Jackson
Intel is our open-source security threat feed powered by AI and our in-house research team. Intel monitors and uncovers vulnerabilities in open-source packages before they are disclosed. Many never are.
  |  By Madeline Lawrence
Cursor AI has quickly become the hot AI code editor, rapidly gaining popularity with developers looking to write code faster and more efficiently. But while Cursor accelerates coding, how can devs trust that Gen AI code is secure?
  |  By Johan De Keulenaer
If you missed it, over the summer months launched our product on the AWS Marketplace with the promise to deliver the fastest “time-to-security” in the industry for new AWS users. We’ve also officially joined the AWS Partner Network (APN) as a validated AWS partner. This means we went through the AWS Foundational Technical Review (FTR). We are FTR-approved* and meet the well-architected best practices enforced by AWS, not to brag. ;) Psst.
  |  By Mackenzie Jackson
Path traversal, also known as directory traversal, occurs when a malicious user manipulates user-supplied data to gain unauthorized access to files and directories. Typically the attacker will be trying to access logs and credentials that are in different directories. Path traversal is not a new vulnerability and has been actively exploited since the 90s when web servers gained popularity, many relied on Common Gateway Interface (CGI) scripts to execute dynamic server-side content.
  |  By Mackenzie Jackson
Command injection is a vulnerability still very prevalent in web applications despite being less famous than its cousins SQL injection or Code injection. If you’re familiar with other injection vulnerabilities, you’ll recognize the common principle: untrusted user input is not properly validated, leading to the execution of arbitrary system commands. This flaw occurs when unvalidated input is passed to system-level functions. So how prominent is command injection actually?
  |  By Mackenzie Jackson
When deciding what approach to use for security tooling, it seems like there are two choices. Like everything in security, there is more to unpack in reality. In this article I want to explore when open-source security tools should be used, when commercial tools are more effective, and if we can trust tools built from an open-source core.
  |  By Mackenzie Jackson
SQL injection (SQLi) has a history that is older than Internet Explorer (which according to Gen Z was the start of civilization). There have been thousands of breaches caused by SQL injection and an endless amount of well-documented best practices and tools to help prevent it. So surely, surely we learned our lesson from these breaches and SQLi is no longer an issue.
  |  By Michiel Denis
"Aikido helps us catch the blind spots in our security that we couldn’t fully address with our existing tools. It’s been a game-changer for us beyond just the SCA (Software Composition Analysis) solutions we originally brought them in for." A little while ago, we shared that Visma chose Aikido Security for its portfolio companies. Recently, we had the pleasure of having Nicolai Brogaard, Service Owner of SAST & SCA over in our Belgian headquarters.
  |  By Michiel Denis
Hi, I’m Dan Kindler and I’m the CTO and co-founder of Bound. We focus on making currency conversion and hedging cheap, fair, and most of all, easy. Our platforms help hundreds of businesses protect themselves from currency risk across the world. Currently, about half of our team is composed of engineers.

Aikido Security is an automated application security platform designed specifically for software engineering teams.

We secure your entire stack - code, open-source dependencies, infrastructure, and more and integrate into your existing workflows to provide visibility and control across your entire application infrastructure.

Our goal is to simplify security for developers through features like auto-triage of vulnerabilities, tied to whether the vulnerable code is actually used. This cuts through the noise, enabling engineering teams to focus on what matters most. Trusted by leading technology companies and validated by security experts, Aikido is the easiest way to implement application security monitoring and achieve compliance with regulations like ISO & SOC2.

We focus on the developer experience, allowing engineering teams to fix critical problems without security getting in the way of building.

The only platform that satisfies all code & cloud security needs for scaling dev teams.