Articles about AppSec

Rethinking AppSec for the AI era [Q&A]

The application security landscape has always been a complex one and can lead to teams spending too much time hunting down vulnerabilities. With AI becoming more popular there are even greater risks to consider.

We spoke to Yossi Pik, co-founder and CTO at Backslash Security, to discuss how AppSec needs to adapt to the greater use of AI.


AppSec is critical to software purchasing decisions


A new survey of 200 chief information security officers (CISOs) from across diverse industries and regions finds that 49 percent of CISOs say buyers now factor application security (AppSec) into their purchasing decisions.

The study from Checkmarx shows 24 percent say that application security is 'always' a factor in those decisions. This trend is most pronounced in Europe, where 58 percent of respondents report that security is always a factor, compared to 33 percent in the Asia Pacific region and only eight percent in North America.


Open source supply chain faces security issues

The open source software supply chain shows signs of 'AppSec exhaustion,' with organizations showing diminished engagement in security practices and struggling to meet vulnerability management goals, according to a new report.

The study from Snyk, based on a survey of 453 professionals across application development and security, shows that open-source security is more important than ever, as hackers have recognized the efficiency of targeting open-source software as a single entry point to multiple orgs.


In-house apps cause breaches at 92 percent of companies

A new study reveals that 92 percent of companies surveyed had experienced a breach in the past year due to vulnerabilities of applications developed in-house.

The report from Checkmarx shows that in recent years the responsibility for application security has shifted away from dedicated security teams and is now shared between AppSec managers and developers.


How AppSec can help enterprises make sense of cloud-native development [Q&A]


Today's application security landscape is complex and can lead to teams spending a lot of time hunting down vulnerabilities. Add in the move to cloud-based development and there's an even higher volume of code to deal with.

We spoke to Shahar Man, CEO at Backslash Security, to learn more about what AppSec needs to look like in this world and how it ties in with greater use of the cloud.


Demonstrating application security is becoming key to closing business deals


According to a new report, 84 percent of CISOs say that they are called into sales engagements related to closing sales of their company's products and services, highlighting the connection between AppSec and business growth.

The study from Checkmarx also reveals that 96 percent of CISOs say their prospects consider the level of application security of their organizations when making purchase decisions.


Adapt or get left behind: Why 'shift everywhere' is the new imperative for application security


Digital transformation is now an integral part of the success story of every modern organization. However, there is ever greater pressure on developers to speed up release cycles for the software on which organizations rely. This software is the foundation for revenue growth, competitive advantage and long-term business success, so the impetus to reduce lifecycles is built on commercial necessity.

Organizations want to be the first to market with the latest and greatest software, which can mean that risks are introduced as the pressure to meet a deadline surpasses the need to ensure that all code is free from any vulnerabilities.


86 percent of developers knowingly deploy vulnerable code


According to a new study, 86 percent of software developers and AppSec managers surveyed have or know someone who has knowingly deployed vulnerable code.

What's more, the study from Checkmarx shows 88 percent of AppSec managers surveyed have experienced at least one breach in the last year as a direct result of vulnerable application code.


New solution helps to visualize cloud-native app risks

With more and more organizations turning to the cloud and cloud-native application development, AppSec teams face a mounting challenge to keep pace with their development counterparts.

To address this, Backslash Security is launching a new solution to provide unified code and cloud-native security by correlating cloud context to code risk, backed by automated threat modeling, code risk prioritization, and simplified remediation across applications and teams.


Rise of security champions: Application development's long-awaited evolution


Application development can be linked closely to Newton’s Third Law of Motion: For every action there is an equal and opposite reaction. Developers simply want to develop, but seemingly whenever they want to develop, application security (AppSec) teams fire back with concerns ensuring the safety of the application, breeding tension and slowing development. In the wake of this tension, we must ask ourselves how we can go about ensuring security while maintaining a streamlined development process -- enter the rise of "security champions."

A security champion program is the process of spreading awareness around best security practices for organizational behavior in order to reduce overall security risk. Security champions are individuals who otherwise would not be involved in security, but receive additional training and incentives to represent security on their teams. The rise of security champions truly developed as a trend from the concern that the average developer is not being measured on security, and therefore is not focused on maintaining it. There is a popular belief, particularly in the use of open-source code, that security is not a part of the development process because it is not the responsibility of the developer to ensure the code is secure -- thus banking on the assumption that the code used is reliable. In fact, security teams, while necessary, are often viewed as bottlenecks in the process, preventing developers from constantly churning out code.


Taking a holistic approach to application security [Q&A]


Application security is becoming mainstream, and that's a good thing as it means that security testing is becoming an embedded aspect of the software development life cycle (SDLC). It also means that automated security testing tools are becoming faster, more sophisticated, and better integrated, so they're less likely to slow down developers or burden them with too many trivial findings or false positives.

But as good and necessary as AppSec testing tools are, it's not nearly enough simply to buy them and run them -- you need to buy the right ones and configure them correctly so that they help build security into your SDLC without bogging it down. It's important to implement a security strategy and a plan. It’s also important to employ developers with the skills to build trust into your software -- a concept known as 'holistic AppSec'.


Businesses continue to struggle with app security

Threats to web, mobile and API-based apps are developing rapidly and the average time taken to fix them isn't improving, with critical vulnerabilities remaining open on average for 202 days.

NTT Application Security has released its latest AppSec Stats Flash report looking at the current state of application security and the wider threat landscape. It finds the utilities sector the worst, with 66 percent of applications in the industry having at least one serious exploitable vulnerability throughout the year.


New platform wants to simplify application security


The transition to agile development, the rise of microservices, and an increased reliance on cloud services for business operations due to the pandemic have all contributed to an explosion in software development and a dramatic reduction in software delivery time.

But as the speed and complexity of application development skyrockets, application security professionals increasingly find themselves unable to keep up. Silicon Valley startup ArmorCode has produced a next-generation application security solution that consolidates three key AppSec needs into a single intelligent platform and it's raised $3 million in seed financing to develop it further.


Prioritizing AppSec and data governance in 2021

For many organizations, the immediate shift to remote work meant IT pros had to manage a hyper-accelerated, mass cloud migration coupled with large-scale SaaS platform rollouts. Daily users of Microsoft Teams, for example, rose from 75 million to 115 million in less than six months. Now that the first tidal wave of digital transformation has passed, IT and security teams should recalibrate and reprioritize application security and data governance in 2021 and beyond.

And while the pandemic has underscored major SaaS platform security concerns, including a rise in sophisticated cyber threats, research indicates many organizations still struggle with the fundamental tasks needed to secure the workforce -- both remote and on-prem. Here are three common mistakes and how to avoid them.


BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
