Security News

Stopping security breaches by managing AppSec posture
2024-04-11 03:00

Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software development life cycle, from code to cloud.

Top 2024 AppSec predictions
2024-01-08 05:00

In this Help Net Security video, Shahar Man, CEO of Backslash Security, offers his top three AppSec predictions for 2024, uncovering future trends.

Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM
2023-12-06 14:00

Apiiro: Deep ASPM. Apiiro goes beyond the basics, using native code-to-runtime context to unify risk visibility, assessment, prioritization, and governance across applications and software supply chains. Open platform with native AppSec and SSCS. In addition to built-in integrations with third-party security tools, Apiiro also provides native application and software supply chain security solutions.

New Webinar: 5 Must-Know Trends Impacting AppSec
2023-10-30 12:09

Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a...

What AppSec and developers working in cloud-native environments need to know
2023-09-20 05:00

Public cloud infrastructure brought forth another significant shift, redefining the boundaries between applications and infrastructure. The advent of public cloud platforms, such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform, has greatly influenced the design, deployment, and management of applications.

LLMs and AI positioned to dominate the AppSec world
2023-07-20 04:30

A new research report explores emerging trends that software organizations need to consider as part of their security strategy, and risks associated with the use of existing open source software in application development. In particular, as modern software development increasingly adopts distributed architectures and microservices alongside third party and open source components, the report tracks the astonishing popularity of ChatGPT's API, how current large language model-based AI platforms are unable to accurately classify malware risk in most cases, and how almost half of all applications make no calls at all to security-sensitive APIs in their code base.

Inadequate tools leave AppSec fighting an uphill battle for cloud security
2023-05-19 03:30

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Far and wide, enterprises are victims of this costly 'defensive tax:' the cost of employing AppSec engineers who chase vulnerabilities rather than drive a comprehensive cloud-native AppSec program is estimated to be upwards of $1.2 million annually.

A modern-day look at AppSec testing tools
2023-03-01 05:30

In this Help Net Security video, Frank Catucci, CTO, and Dan Murphy, Distinguished Architect at Invicti Security, break down the different types of application security testing tools, explore the...

Cloud-native application adoption puts pressure on appsec teams
2023-01-06 04:00

The predictions follow industry-wide research, which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications - resulting in the need for new and more effective approaches to cloud-native application security. The distinction between application security and cloud security has clearly blurred as application security is now affected by the underlying cloud infrastructure, while cloud security professionals now have to take the application layer into account in their attack path analysis.

Take a dev-centric approach to cloud-native AppSec testing
2022-02-28 05:45

"We are no longer dealing with just vulnerabilities, but also with vulnerable flows between microservices. On top of that, as cloud-native applications are built on multiple infrastructure layers - the container, the cluster, and the cloud - the way these layers are configured affects what a hacker can do with these vulnerabilities," notes Ron Vider, one of the co-founders and the CTO of Oxeye. "Old-school" software composition analysis and static, dynamic, and interactive application security testing tools are run independently, are not synchronized with one another, and are unable to cross-reference and use enriched data from other code layers in the environment.