Security News

AppSec Webinar: How to Turn Developers into Security Champions
2024-07-18 11:45

Let's face it: AppSec and developers often feel like they're on opposing teams. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs - a way to turn developers from adversaries into security advocates?

Stopping security breaches by managing AppSec posture
2024-04-11 03:00

Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software development life cycle, from code to cloud.

Top 2024 AppSec predictions
2024-01-08 05:00

In this Help Net Security video, Shahar Man, CEO of Backslash Security, offers his top three AppSec predictions for 2024, uncovering future trends. The post Top 2024 AppSec predictions appeared...

Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM
2023-12-06 14:00

Apiiro: Deep ASPM. Apiiro goes beyond the basics, using native code-to-runtime context to unify risk visibility, assessment, prioritization, and governance across applications and software supply chains. Open platform with native AppSec and SSCS. In addition to built-in integrations with third-party security tools, Apiiro also provides native application and software supply chain security solutions.

New Webinar: 5 Must-Know Trends Impacting AppSec
2023-10-30 12:09

Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a...

What AppSec and developers working in cloud-native environments need to know
2023-09-20 05:00

Public cloud infrastructure brought forth another significant shift, redefining the boundaries between applications and infrastructure. The advent of public cloud platforms, such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform, has greatly influenced the design, deployment, and management of applications.

LLMs and AI positioned to dominate the AppSec world
2023-07-20 04:30

A new research report explores emerging trends that software organizations need to consider as part of their security strategy, and risks associated with the use of existing open source software in application development. In particular, as modern software development increasingly adopts distributed architectures and microservices alongside third party and open source components, the report tracks the astonishing popularity of ChatGPT's API, how current large language model-based AI platforms are unable to accurately classify malware risk in most cases, and how almost half of all applications make no calls at all to security-sensitive APIs in their code base.

Inadequate tools leave AppSec fighting an uphill battle for cloud security
2023-05-19 03:30

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Far and wide, enterprises are victims of this costly 'defensive tax:' the cost of employing AppSec engineers who chase vulnerabilities rather than drive a comprehensive cloud-native AppSec program is estimated to be upwards of $1.2 million annually.

A modern-day look at AppSec testing tools
2023-03-01 05:30

In this Help Net Security video, Frank Catucci, CTO, and Dan Murphy, Distinguished Architect at Invicti Security, break down the different types of application security testing tools, explore the...

Cloud-native application adoption puts pressure on appsec teams
2023-01-06 04:00

The predictions follow industry-wide research, which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications - resulting in the need for new and more effective approaches to cloud-native application security. The distinction between application security and cloud security has clearly blurred as application security is now affected by the underlying cloud infrastructure, while cloud security professionals now have to take the application layer into account in their attack path analysis.