Topic: application security

New Relic adds proof-of-exploit reporting to its IAST tool

New Relic has introduced enhanced features to its Interactive Application Security Testing (IAST) tool, including a novel proof-of-exploit reporting function for more effective application security testing.  This update allows New Relic’s users to pinpoint exploitable vulnerabilities within their applications, allowing them to replicate issues for easier remediation before they release new software versions. This advancement … continue reading

Qualys announces new first-party software risk management solution

Qualys is now allowing AppSec teams to leverage their risk management platform to assess, prioritize, and address the risks associated with first-party software and its embedded open-source components. In the digital transformation era, organizations develop their own software to run their businesses. However, first-party software often lacks the same level of disciplined vulnerability and configuration … continue reading

Development today: Short-term benefits, long-term risks.

For all the talk of server and network security, the fact remains that applications are among the main attack vectors leveraged by bad actors. This is so because development teams are focused on delivering new functionality and features as quickly as possible. They are not usually trained in security practices, and often have little desire … continue reading

How obfuscation can help with data breach mitigation

Data breaches are nothing new, but they have pretty consistently increased year-over-year. Despite the massive amounts of money companies invest into security to prevent breaches, they still commonly occur. According to a report from the Identity Theft Resource Center (ITRC), 2021 saw an all-time high of data breaches, 23% more than the previous all-time high.  … continue reading

Solving the challenges of shifting security left

Amidst the “Shift Left and Extend Right” security trend, developers find themselves needing to implement more robust security practices into their processes. Idan Plotnik, co-founder and CEO of Apiiro, provider of an application risk management platform, discussed the ways in which developers can mitigate critical security risks in order to better protect themselves and their … continue reading

SD Times Open-Source Project of the Week: Ugly Duckling

The SaaS security company Detectify last week announced the general availability of its standalone application security tool: Ugly Duckling. The tool is designed to make easier for ethical hackers to share their latest findings on vulnerabilities and then integrate them into automated security tests on Detectify’s platform. It provides the tools to create more test … continue reading

How to get DevSecOps right

DevOps and security teams are learning how to work together, albeit somewhat awkwardly in these early days of DevSecOps. One reason why it can be difficult to get the partnership “right” is that people define DevSecOps in different ways. “If you asked a room of 10 people to define DevSecOps, you’d get 15 definitions. I … continue reading

Report: Organizations fail to remediate app security vulnerabilities

Software security continues to be a top priority for organizations and development teams, but they are still struggling to address vulnerabilities in their applications. A recently released report revealed while organizations are beginning to increase their application testing efforts, their remediation rates are falling.  The 2019 WhiteHat Application Security Statistics report is based on data … continue reading

The future of application security

A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary … continue reading

Web application security: The piece you’re probably missing

While most organizations recognize the need to protect their web apps, their efforts tend to focus on the server side, leaving a critical attack vector exposed: the client side. The fact of the matter is the entire web application ecosystem must be protected, end to end, and that includes mobile, JavaScript, desktop, server and API. … continue reading

How the new developer culture dictates development security

The 24×7 digital economy is requiring many organizations to release apps and application updates on a near-continuous basis in order to keep up with increasing customer demand—or face being left in the dust by competitors. Developer teams have their hands full trying to deliver functional, feature-rich updates on time. In this hyper-competitive environment, security is … continue reading

A guide to DevSecOps tools

Aqua Security enables enterprises to secure their container and cloud-native applications from development to production, accelerating application deployment and bridging the gap between DevOps and IT security. The Aqua Container Security Platform protects applications running on-premises or in the cloud, across a broad range of platform technologies, orchestrators and cloud providers. Aqua secures the entire … continue reading

DMCA.com Protection Status