application security
Inadequate tools leave AppSec fighting an uphill battle for cloud security
AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive …
Popular fintech apps expose valuable, exploitable secrets
92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, …
A modern-day look at AppSec testing tools
In this Help Net Security video, Frank Catucci, CTO, and Dan Murphy, Distinguished Architect at Invicti Security, break down the different types of application security …
Security teams have no control over risky SaaS-to-SaaS connections
Employees are providing hundreds to thousands of third-party apps with access to the two most dominant workspaces, Microsoft 365 and Google Workspace, according to Adaptive …
Why people-driven remediation is the key to strong API security
If an organization relies on automation and tools to highlight API security issues, it is still up to a trained developer to manage API behavior. Since there is no standard …
Cloud-native application adoption puts pressure on appsec teams
Oxeye revealed five predictions expected to shape enterprise security spending in 2023. The predictions follow industry-wide research, which shows the industry is shifting …
24% of technology applications contain high-risk security flaws
With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and …
How to improve secure coding education
Did you know that not one of the top 50 undergraduate computer science programs in the U.S. requires a course in code or application security for majors? Yet the threatscape …
Critical vulnerability in Spotify’s Backstage discovered, patched
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in …
Security leaders want consequences for insecure code
Organizations plan to invest in DevSecOps in 2023, and the level of urgency for them to do so has grown. In a recent survey conducted by the Neustar International Security …
Most missed area of zero trust: Unmanageable applications
In this Help Net Security video, Matthew Chiodi, Chief Trust Officer of Cerby, talks about the likely hole in your security strategy. This video zeroes in on one of the most …
Risk management focus shifts from external to internal exposure
Coalfire released its fourth annual Securealities Penetration Risk Report which analyzes enterprise and cloud service providers (CSPs) internal and external attack vectors, …
Featured news
Resources
Don't miss
- Mastering the cybersecurity tightrope of protection, detection, and response
- PRevent: Open-source tool to detect malicious code in pull requests
- Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
- Hackers pose as employers to steal crypto, login credentials
- Unknown and unsecured: The risks of poor asset visibility