Security News
"We are no longer dealing with just vulnerabilities, but also with vulnerable flows between microservices. On top of that, as cloud-native applications are built on multiple infrastructure layers - the container, the cluster, and the cloud - the way these layers are configured affects what a hacker can do with these vulnerabilities," notes Ron Vider, one of the co-founders and the CTO of Oxeye. "Old-school" software composition analysis and static, dynamic, and interactive application security testing tools run independently, are not synchronized with one another, and cannot cross-reference or use enriched data from the other code layers in the environment.
While the perceived benefits of DevSecOps to both security and DevOps are high, much progress must be made in defining a repeatable and consistent governance model for true DevSecOps to take hold, a ZeroNorth survey of 250 global security, DevOps and IT professionals reveals. Specifically, the survey finds that while 76% of developers and engineers believe DevOps will own AppSec within three years, only 56% of AppSec professionals agree.
Using vulnerability data analyzed by the ZeroNorth AppSec automation and orchestration platform, these business intelligence analytics deliver a single source of truth on the overall risk and health of an organization's application security program. ZeroNorth's reporting and analytics provide high-level intelligence together with granular details on AppSec risk across the enterprise.
75% of AppSec practitioners and 49% of developers believe there is a cultural divide between their respective teams, according to ZeroNorth.
Understanding the cultural divide and its implications
Developers and AppSec practitioners don't agree on which function is responsible for the security of applications.
Thirty-nine percent of developers said the security team is responsible for securing apps, while 67% of AppSec practitioners said their own teams are responsible. Seventy-five percent of application security practitioners and 49% of developers believe there is a cultural divide between their respective teams that could increase organizational risk, according to a new study by the Ponemon Institute and ZeroNorth, a provider of risk-based vulnerability orchestration across applications and infrastructure.
Nearly half of organizations regularly and knowingly ship vulnerable code despite using AppSec tools, according to Veracode. The research sheds light on how AppSec practices and tools are intersecting with emerging development methods and creating new priorities such as reducing open source risk and API testing.
Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week's Black Hat USA 2020. Erez Yalon, the director of security research with Checkmarx, discussed why these critical vulnerabilities are a "Holy grail" for attackers, and explained how the bugs are indicative of overall application security trends that will be discussed this week at Black Hat USA 2020.
There are many commonly held misbeliefs about application security. Paul Dant of Arxan Technologies separates AppSec truth from fiction.
The speed and complexity of software development are rapidly increasing. Development teams have little to no time to ensure these applications are secure, even though the biggest and most severe data breaches affecting both the public and private sectors have all occurred at the application layer.
ZeroNorth, the industry’s first provider of risk-based vulnerability orchestration for applications and infrastructure, announced a new solution for Rapid Application Security, enabling customers...