Topic: appsec

Simplify security testing from end-to-end

As companies across the globe race to fortify their cybersecurity defenses, they’re increasingly finding themselves navigating a complex maze when it comes to security testing. The past decade of innovation has produced an ecosystem now booming with countless tools, yet aligning these tools together, and avoiding tool sprawl, is proving to have its own set of … continue reading

Qualys announces new first-party software risk management solution

Qualys is now allowing AppSec teams to leverage their risk management platform to assess, prioritize, and address the risks associated with first-party software and its embedded open-source components. In the digital transformation era, organizations develop their own software to run their businesses. However, first-party software often lacks the same level of disciplined vulnerability and configuration … continue reading

AppSec Kit: Elevate security for Vaadin applications

With a 742% average annual increase in software supply chain attacks reported by Sonatype, application security has become a top concern for businesses. Today Vaadin is excited to announce AppSec Kit, a new Acceleration Kit designed to enhance the security of your web applications built with Vaadin. AppSec Kit is currently available for Vaadin 7 and Vaadin … continue reading

SD Times news digest: Stack Overflow for Teams now free, Saltworks and Secure Code Warrior team up on secure coding, and open-source company Camunda announces new funding

The collaboration platform Stack Overflow for Teams is now free for up to 50 users and the Free plan includes ChatOps integrations to Slack and Microsoft Teams.  “The open source ethos that is foundational to this network was an inspiration for our new free offering. We’re excited to enable those who are working towards a … continue reading

AppSec vs. DevSecOps, and what that means for developers

Traditional application security is different in two key ways from what has come to be known as DevSecOps. First, modern software companies are integrating application security into their DevOps pipelines, so security becomes part of the flow. Second, it’s also about DevOps being built into application security. Patrick Carey, who leads product strategy in the … continue reading

Report: 73% of developers sacrifice security for speed

A majority of developers feel forced to sacrifice security for the speed that today’s development cycles require. A recent report from WhiteSource found 73% of security teams at organizations are forced to cut corners, and the AppSec tools they use are to check the box towards DevSecOps improvements and are not effectively used.  “There are … continue reading

Top considerations for DevSecOps to reduce security risk

To understand an enterprise’s current state of software security risk, executives, security practitioners and development teams need information. Benchmarks provide useful information on performance and risk. However, ideas about which benchmarks are most important will differ depending upon the corporate stakeholder to whom you’re speaking. For example, a business decision-maker has to justify the expense … continue reading

Report: Organizations fail to remediate app security vulnerabilities

Software security continues to be a top priority for organizations and development teams, but they are still struggling to address vulnerabilities in their applications. A recently released report revealed while organizations are beginning to increase their application testing efforts, their remediation rates are falling.  The 2019 WhiteHat Application Security Statistics report is based on data … continue reading

The future of application security

A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary … continue reading

Report: Developers aren’t to blame for security issues

The idea that developers don’t care about application security is a myth. A recently released report found that not only do developers take application security seriously, they take the time to find and fix vulnerabilities in their applications. “Developers want to create great code, and to them that also means code that won’t get their … continue reading

WhiteHat Security: Improving application security with DevSecOps

Does the DevSecOps approach make a difference when it comes to improving application security? According to this year’s 12th annual WhiteHat Security “Application Security Statistics Report,” it certainly does. This year’s WhiteHat report includes a case study that details a large health organization’s successful implementation of a DevSecOps approach.  According to the study, critical vulnerabilities … continue reading

Signal Sciences releases new web protection platform

Signal Sciences today announced the availability of its Signal Sciences Web Protection Platform (WPP). WPP is new platform designed to provide threat protection for web applications, APIs, and microservices on any platform. This platform launch comes on the heels of Signal Sciences’ announcement of a $15 million series B funding round led by CRV. Signal … continue reading

DMCA.com Protection Status