The software industry is no longer functional. Last year alone saw over 28,000 new CVEs published, a record rise that perfectly illustrates the ongoing patching crisis facing security and development teams, which are under constant pressure to patch vulnerabilities or risk exposure. In the last 12 months, software vulnerabilities led to over 50 percent of …
New Relic has introduced enhanced features to its Interactive Application Security Testing (IAST) tool, including a novel proof-of-exploit reporting function for more effective application security testing. This update allows New Relic’s users to pinpoint exploitable vulnerabilities within their applications, allowing them to replicate issues for easier remediation before they release new software versions. This advancement …
Qualys is now allowing AppSec teams to leverage their risk management platform to assess, prioritize, and address the risks associated with first-party software and its embedded open-source components. In the digital transformation era, organizations develop their own software to run their businesses. However, first-party software often lacks the same level of disciplined vulnerability and configuration …
For all the talk of server and network security, the fact remains that applications are among the main attack vectors leveraged by bad actors. This is so because development teams are focused on delivering new functionality and features as quickly as possible. They are not usually trained in security practices, and often have little desire …
Data breaches are nothing new, but they have pretty consistently increased year-over-year. Despite the massive amounts of money companies invest into security to prevent breaches, they still commonly occur. According to a report from the Identity Theft Resource Center (ITRC), 2021 saw an all-time high of data breaches, 23% more than the previous all-time high. …
Amidst the “Shift Left and Extend Right” security trend, developers find themselves needing to implement more robust security practices into their processes. Idan Plotnik, co-founder and CEO of Apiiro, provider of an application risk management platform, discussed the ways in which developers can mitigate critical security risks in order to better protect themselves and their …
The SaaS security company Detectify last week announced the general availability of its standalone application security tool: Ugly Duckling. The tool is designed to make it easier for ethical hackers to share their latest findings on vulnerabilities and then integrate them into automated security tests on Detectify’s platform. It provides the tools to create more test …
DevOps and security teams are learning how to work together, albeit somewhat awkwardly in these early days of DevSecOps. One reason why it can be difficult to get the partnership “right” is that people define DevSecOps in different ways. “If you asked a room of 10 people to define DevSecOps, you’d get 15 definitions. I …
Software security continues to be a top priority for organizations and development teams, but they are still struggling to address vulnerabilities in their applications. A recently released report revealed that while organizations are beginning to increase their application testing efforts, their remediation rates are falling. The 2019 WhiteHat Application Security Statistics report is based on data …
A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary …
While most organizations recognize the need to protect their web apps, their efforts tend to focus on the server side, leaving a critical attack vector exposed: the client side. The fact of the matter is the entire web application ecosystem must be protected, end to end, and that includes mobile, JavaScript, desktop, server and API. …
The 24×7 digital economy is requiring many organizations to release apps and application updates on a near-continuous basis in order to keep up with increasing customer demand—or face being left in the dust by competitors. Developer teams have their hands full trying to deliver functional, feature-rich updates on time. In this hyper-competitive environment, security is …