Application Security

CISA Outlines Efforts to Secure Open Source Software

CISA Outlines Efforts to Secure Open Source Software 2024-03-08 at 18:03 By Ionut Arghire Concluding a two-day OSS security summit, CISA details key actions to help improve open source security. The post CISA Outlines Efforts to Secure Open Source Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original […]

CISA Outlines Efforts to Secure Open Source Software Read More »

Organizations are knowingly releasing vulnerable applications

Organizations are knowingly releasing vulnerable applications 2024-03-05 at 06:18 By Help Net Security 92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house, according to Checkmarx. AppSec managers and developers share application security duties In recent years the responsibility for application security has shifted away from dedicated

Organizations are knowingly releasing vulnerable applications Read More »

Cyber Insights 2024: APIs – A Clear, Present, and Future Danger

Cyber Insights 2024: APIs – A Clear, Present, and Future Danger 2024-02-28 at 17:46 By Kevin Townsend The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale. The post Cyber Insights 2024: APIs – A Clear, Present, and Future Danger appeared first on

Cyber Insights 2024: APIs – A Clear, Present, and Future Danger Read More »

No Security Scrutiny for Half of Major Code Changes: AppSec Survey

No Security Scrutiny for Half of Major Code Changes: AppSec Survey 2024-02-15 at 17:02 By Ionut Arghire Only 54% of major code changes go through a full security review, a new CrowdStrike State of Application Security report reveals. The post No Security Scrutiny for Half of Major Code Changes: AppSec Survey appeared first on SecurityWeek.

No Security Scrutiny for Half of Major Code Changes: AppSec Survey Read More »

How threat actors abuse OAuth apps

How threat actors abuse OAuth apps 2024-02-08 at 06:31 By Help Net Security OAuth apps have become prominent in several attack groups’ TTPs in recent years. OAuth apps are used for every part of the attack process. In this Help Net Security video, Tal Skverer, Research Team Lead at Astrix Security, shares insights on how

How threat actors abuse OAuth apps Read More »

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities 2024-02-05 at 20:02 By Ionut Arghire Google announces $1 million investment in improving Rust’s interoperability with legacy C++ codebases. The post Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities appeared first on SecurityWeek. This article is an

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities Read More »

Google Open Sources AI-Aided Fuzzing Framework

Google Open Sources AI-Aided Fuzzing Framework 2024-02-05 at 14:46 By Ionut Arghire Google has released its fuzzing framework in open source to boost the ability of developers and researchers to identify vulnerabilities. The post Google Open Sources AI-Aided Fuzzing Framework appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

Google Open Sources AI-Aided Fuzzing Framework Read More »

Tor Code Audit Finds 17 Vulnerabilities

Tor Code Audit Finds 17 Vulnerabilities 2024-01-31 at 15:47 By Eduard Kovacs Over a dozen vulnerabilities discovered in Tor audit, including a high-risk flaw that can be exploited to inject arbitrary bridges.  The post Tor Code Audit Finds 17 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

Tor Code Audit Finds 17 Vulnerabilities Read More »

Unlocking sustainable security practices with secure coding education

Unlocking sustainable security practices with secure coding education 2024-01-30 at 06:31 By Help Net Security Despite stringent regulations and calls for ‘security by design’, organizations are still failing to equip teams with the knowledge to secure code, according to Security Journey. In fact, only 20% of respondents were confident in their ability to detect a

Unlocking sustainable security practices with secure coding education Read More »

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise 2024-01-12 at 14:31 By Ionut Arghire Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners. The post New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise appeared first on SecurityWeek. This article

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise Read More »

Top 2024 AppSec predictions

Top 2024 AppSec predictions 2024-01-08 at 07:01 By Help Net Security In this Help Net Security video, Shahar Man, CEO of Backslash Security, offers his top three AppSec predictions for 2024, uncovering future trends. The post Top 2024 AppSec predictions appeared first on Help Net Security. This article is an excerpt from Help Net Security

Top 2024 AppSec predictions Read More »

The dynamic relationship between AI and application development

The dynamic relationship between AI and application development 2024-01-04 at 06:31 By Help Net Security In this Help Net Security video, Greg Ellis, General Manager, Application Security, at Digital.ai, discusses how artificial intelligence is revolutionizing the way applications are developed and redefining the possibilities within the tech industry. The post The dynamic relationship between AI

The dynamic relationship between AI and application development Read More »

Aqua Security Scores $60M Series E Funding

Aqua Security Scores $60M Series E Funding 2024-01-03 at 23:01 By Ryan Naraine Late-stage player in the CNAPP space secures a $60 million extended Series E funding round at a valuation north of $1 billion. The post Aqua Security Scores $60M Series E Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Aqua Security Scores $60M Series E Funding Read More »

SentinelOne Snaps up Seed-Stage CNAPP Startup PingSafe

SentinelOne Snaps up Seed-Stage CNAPP Startup PingSafe 2024-01-03 at 22:01 By Ryan Naraine SentinelOne plans to acquire PingSafe in a cash-and-stock deal that adds cloud native application protection platform (CNAPP) technologies. The post SentinelOne Snaps up Seed-Stage CNAPP Startup PingSafe appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

SentinelOne Snaps up Seed-Stage CNAPP Startup PingSafe Read More »

Wiz and Apiiro partner to provide context-driven security from code to cloud

Wiz and Apiiro partner to provide context-driven security from code to cloud 19/12/2023 at 17:03 By Mirko Zorz Apiiro, a leading application security posture management (ASPM) solution, today announced its partnership with Wiz, the leading cloud security company and Cloud Native Application Protection Platform (CNAPP) provider. By joining Wiz Integrations (WIN), Apiiro brings the power

Wiz and Apiiro partner to provide context-driven security from code to cloud Read More »

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity 18/12/2023 at 17:16 By Ionut Arghire NSA has published guidance to help organizations incorporate SBOM to mitigate supply chain risks. The post NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity Read More »

Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle

Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle 12/12/2023 at 23:47 By Ryan Naraine Adobe warned users on both Windows and macOS systems about exposure to code execution, memory leaks and denial-of-service security issues. The post Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle appeared first on SecurityWeek. This article is

Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle Read More »

Apple Ships iOS 17.2 With Urgent Security Patches

Apple Ships iOS 17.2 With Urgent Security Patches 12/12/2023 at 01:31 By Ryan Naraine Cupertino’s flagship mobile OS vulnerable to arbitrary code execution and data exposure security vulnerabilities. The post Apple Ships iOS 17.2 With Urgent Security Patches appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Apple Ships iOS 17.2 With Urgent Security Patches Read More »

Alert fatigue puts pressure on security and development teams

Alert fatigue puts pressure on security and development teams 08/12/2023 at 08:02 By Help Net Security Security practitioners are under a tremendous amount of pressure to secure today’s applications, according to Cycode. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders

Alert fatigue puts pressure on security and development teams Read More »

Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs

Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs 07/12/2023 at 19:01 By Ionut Arghire Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps. The post Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs Read More »

Scroll to Top