Application Security News and Articles


SurePath AI Discover classifies AI use by intent and detects sensitive data violations

SurePath AI launched SurePath AI Discover, a new offering that provides visibility into a company’s employee use of public AI services. By classifying AI use by intent and identifying sensitive data violations, companies can better ...

How to Tackle the Unique Challenges Posed by Non-Human Identities

NHIs pose a unique set of challenges and risks because they often have privileged access and lack the added security of multi-factor authentication (MFA) that can be applied to devices.

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

Identity phishing doesn’t just lead to data theft – it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints.

The Ultimate Guide to the CCSP

Even the brightest minds benefit from guidance on the journey to success. The Ultimate Guide to the CCSP covers everything you need to know about the world’s leading cloud security certification. Learn how CCSP – and ISC2 – can help you ...

Planning for the Unexpected: Building Robust Disaster Recovery and Continuity Plans

A robust disaster recovery (DR) and continuity plan is not just nice; it’s a business imperative. It ensures that critical operations continue with minimal disruption, even in the face of major challenges.

Tenable Patch Management prevents problematic updates

Tenable released Tenable Patch Management, an autonomous patch solution built to close vulnerability exposures in a unified solution. A strategic partnership and integration with Adaptiva provides the foundation of the solution. Vulnerability ...

LogicGate helps organizations quantify the value of GRC programs

LogicGate introduced the Governance, Risk, and Compliance (GRC) Program Value Realization Tool, available to customers through the Risk Cloud platform. This new tool provides visibility into the financial value of GRC by automatically tracking ...

The CISO: Guardian of Data while Navigating Risk Strategic Insights for the Boardroom and Shaping Future Business

madhav, Thu, 12/05/2024 - 06:03. CISOs have one of the most vital roles in organizations today. It is also one of the most ...

Preparing for Q-day: The essential role of cloud migration in securing enterprise data

As the era of quantum computing draws closer, businesses face a new and unprecedented threat to data security: “Q-day.” This looming turning point—when quantum machines can break traditional encryption with ease—has the potential ...

How the Shadowserver Foundation helps network defenders with free intelligence feeds

In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet security by exposing vulnerabilities, malicious activity, and emerging threats. Kijewski explains ...

Building trust in tokenized economies

As the tokenized economy expands, the digital landscape is reshaped by decentralized systems and new forms of asset ownership. In this Help Net Security video, Jeremy Bradley, COO of Zama, explores the emerging privacy-preserving technologies ...

Analyzing Tokenizer Part 2: Omen + Tokenizer

“I have not failed. I've just found 10,000 ways that won't work” - Thomas Edison. Introduction: This is a continuation of a deep dive into John the Ripper's new Tokenizer attack. Instruction on how to configure and run the original ...

Why Robust API Security is a Must for Your Business

How Does API Security Influence Cybersecurity? As a seasoned data management expert and cybersecurity specialist, I’ve witnessed firsthand the significant impact API security can have on an organization’s overall cybersecurity posture. But ...

Preventing Data Breaches with Advanced IAM Strategies

Why Are IAM Strategies Strategic to Data Breach Prevention? IAM strategies, or Identity Access Management strategies, prioritize the control and monitoring of digital identities within a system. Particularly in the world of cybersecurity, ...

National Public Data Shuts Down Months After Massive Breach

National Public Data, the data broker whose systems were breached this year, exposing 2.9 billion files holding sensitive data from 170 million people, has shut down following the attack and after a judge dismissed parent company Jerico Pictures' bankruptcy ...

DEF CON 32 – The Way To Android Root: Exploiting Smartphone GPU

Authors/Presenters: Xiling Gong, Eugene Rodionov Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention ...

SQL Injection Prevention: 6 Strategies

SQL Injection (SQLi) attacks are critical and widespread threats that inject malicious code into backend databases. This gives bad actors unauthorized access to sensitive data. These breaches can lead to stolen data, compromised systems, and ...

IAM tech debt: Balancing modernization and legacy identity infrastructure

“As enterprises modernize their identity systems to keep pace with multi-cloud strategies, they find themselves in a quagmire of technical debt, complexity, and resource constraints.” – State of Multi-Cloud Identity Report 2025 Technical ...

CMMC Level 2 Requirements: A Guide to Achieving Compliance

If your organization handles sensitive information and aims to work with the Department of Defense (DoD), you must meet the Cybersecurity Maturity Model Certification (CMMC) requirements. These standards protect Controlled Unclassified ...

Secrets Scanning: How It Works and Why It’s Important

All software development environments have secrets—think API keys, passwords, and tokens—that can lead to significant security breaches if left vulnerable. Best practices like secrets scanning detect and protect sensitive information before ...