Applications

A new report from Contrast Security exposes a growing crisis at the application layer as adversaries use AI to easily launch previously sophisticated attacks at scale.

Recent reports from Verizon (DBIR 2025) and Google Mandiant (M-Trends 2025) confirm what many security leaders already suspect: components of the application layer are among the most targeted and least protected part of the modern enterprise.

As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse-engineer, analyze, and exploit applications at an alarming scale.

A new report from Digital.ai shows that 83 percent of applications are under constant attack, a nearly 20 percent increase from last year, with attack rates surging across all industries.

Fully updated to reflect modern developments in the field, the Fifth Edition of An Introduction to Optimization fills the need for an accessible, yet rigorous, introduction to optimization theory and methods, featuring innovative coverage and a straightforward approach. The book begins with a review of basic definitions and notations while also providing the related fundamental background of linear algebra, geometry, and calculus.

With this foundation, the authors explore the essential topics of unconstrained optimization problems, linear programming problems, and nonlinear constrained optimization. In addition, the book includes an introduction to artificial neural networks, convex optimization, multi-objective optimization, and applications of optimization in machine learning.

Organizations urgently need to modernize their application security practices so that they can support growth and mitigate risks according to a new report.

Thew study from Legit Security and TechTarget's Enterprise Strategy Group (ESG) finds nearly all organizations reporting difficulties in fixing vulnerabilities after applications are deployed, reinforcing the significance of incorporating security processes and tools in the build process.

Friction and lack of communication between development and security teams can lead to problems in software development and testing.

How can we bridge the gap between developer and security teams and help them see that they have common goals? We spoke to Scott Gerlach, CSO and co-founder of StackHawk, the company making web application and API security testing part of software delivery, to find out.

A new report from Veracode shows that software security debt -- flaws that have gone unfixed for over a year -- is found in 42 percent of applications.

Although the number of high-severity flaws has reduced 70.8 percent of organizations still suffer from security debt. 45.9 percent have critical security debt, that is high-severity flaws that have been unfixed for 12 months or more.

According to a new report, 84 percent of CISOs say that they are called into sales engagements related to closing sales of their company's products and services, highlighting the connection between AppSec and business growth.

The study from Checkmarx also reveals that 96 percent of CISOs say their prospects consider the level of application security of their organizations when making purchase decisions.

According to a new study, 86 percent of software developers and AppSec managers surveyed have or know someone who has knowingly deployed vulnerable code.

What's more the study from Checkmarx shows 88 percent of AppSec managers surveyed have experienced at least one breach in the last year as a direct result of vulnerable application code.

As organizations embrace cloud-native development, they are building new types of applications and microservices that are easier to scale and add more business value.

But the growing adoption of microservices has introduced new security risks because microservices and modern applications contain more 'pieces' that increase the attack surface.

The IT world is littered with acronyms and one of the latest is CNAPP, standing for Cloud Native Application Protection Platform. If you haven't heard about it already you almost certainly will do soon.

We spoke to Stanimir Markov, CEO at Runecast, about CNAPP, what it is and how it can benefit modern enterprises and their cloud environments.

If recent times have taught us anything, it is that technology and digitization capabilities continue to advance at a rapid rate. Organizations, rightly, are fearing being left behind with legacy systems, and there are many reasons why application modernization strategies make business sense.

One of the most obvious and essential drivers is cost. Maintaining and operating legacy applications will become increasingly expensive as time passes. At the same time, new software engineers will also be eager to master new technology instead of being trained on old systems. For instance, a survey conducted by UK Cloud found 83 percent of organizations saw skills and capabilities as an impediment in adopting cloud. As engineers proficient in the dated technologies leave, new training requirements will eat into budgets. 

We’ve become an application-centric society. We use apps to help us do our work, to communicate, to stream entertainment, to monitor our health, and to do a whole lot more. Over the years, the number of desktop and mobile apps has grown dramatically. Where we deliver them from has changed too. The cloud has played a huge role as we move away from strictly on-premises data centers to a hybrid cloud and multi-cloud approach. And, of course, the COVID-19 pandemic has had a profound impact on how we built, delivered, and consumed our applications in 2020. But what will 2021 bring?

Here are 10 predictions for applications and application delivery in the coming year.

Using complex cloud applications built with microservices and APIs can often expose business logic that threat actors use to infiltrate applications and private data.

A new application security company Traceable is launching today with a platform that traces end-to-end application activity from the user and session all the way through the application code. Traceable's TraceAI machine learning and distributed tracing technology analyzes data to learn normal application behavior and detect any activity that deviates from the norm.

Modern businesses rely on a variety of applications, but failing to understand the relationships between them can lead to increased risks.

To address this vArmour is launching a new version of its Application Controller solution, enabling enterprises to take control of operational risk by discovering and understanding application relationships across their IT environment and help maximize the value of their existing investments.

They say small is beautiful, and with O&O Software’s latest offering it’s hard to disagree. The German software developer has managed to pack a powerful file backup tool into a tiny 4MB portable application with the release of O&O FileBackup 1.0.

Despite its small size, the app doesn’t just do basic backups of single folders -- there’s a slick user interface, with options for automatically selecting files based on filetype, the ability to update and restore backups with just a few clicks and a built-in scheduling tool for keeping backups updated.