Application Security News and Articles


CyberArk CORA AI accelerates identity threat detection

CyberArk announced CyberArk CORA AI, a new set of AI-powered capabilities that will be embedded across its identity security platform. CORA AI will translate vast numbers of identity data points into insights and enable multi-step actions in ...

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote ...

OneTrust empowers organizations to govern data and AI without slowing down innovation

OneTrust announced new platform capabilities and enhancements to help organizations discover, secure, and responsibly use data. Available as part of the Company’s latest release, these innovations empower organizations to activate data ...

Exploring the Role of ISO/IEC 42001 in Ethical AI Frameworks

This blog delves into ISO/IEC 42001 and its role in the ethical and responsible development, deployment, and use of AI technologies. The post Exploring the Role of ISO/IEC 42001 in Ethical AI Frameworks appeared first on Scytale. The post ...

Bridging the NHI security gap: Astrix and Torq partner up

While zero-trust policies and identity-centric programs excel at protecting user identities and login credentials with IAM policies and security tools like MFA or IP restrictions, non-human identities (NHIs) like API keys, OAuth apps, service ...

SAST and Its Top Trending Tools

Introduction to SAST and Its Top Trending Tools

Authelia: Open-source authentication and authorization server

Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Authelia connects directly to the reverse ...

Cybersecurity jobs available right now: May 22, 2024

Associate Director, Cyber Security | AstraZeneca | Sweden | On-site. You will develop and implement security policies, procedures, and operating practices in this role. You will coordinate risk profile development ...

CEOs accelerate GenAI adoption despite workforce resistance

CEOs are facing workforce, culture and governance challenges as they act quickly to implement and scale generative AI across their organizations, according to IBM. The annual global study of 3,000 CEOs from over 30 countries and 26 industries ...

Technological complexity drives new wave of identity risks

Security leaders are facing increased technological and organizational complexity, which is creating a new wave of identity risks for their organizations, according to ConductorOne. Based on a survey of 523 US-based IT security leaders at ...

Hackers Leverage AI as Application Security Threats Mount

Reverse-engineering tools, rising jailbreaking activities, and the surging use of AI and ML to enhance malware development were among the worrying trends in a recent report. AI and ML are making life easier for developers. They’re also making ...

Back to Cooking: Detection Engineer vs Detection Consumer, Again?

This is not a blog about the recent upheaval in the magical realm of SIEM. We have a perfectly good podcast / video about it (complete with hi-la-ri-ous XDR jokes, both human and AI created). This is about something that bothered me for a long ...

Securing the Gateway: Why Protecting Build Systems Is Crucial in Modern Software Development

Understand why securing build systems is as important as securing production systems. The post Securing the Gateway: Why Protecting Build Systems Is Crucial in Modern Software Development appeared first on Security Boulevard.

FUD: How Fear, Uncertainty, and Doubt can ruin your security program

The post FUD: How Fear, Uncertainty, and Doubt can ruin your security program appeared first on Click Armor. The post FUD: How Fear, Uncertainty, and Doubt can ruin your security program appeared first on Security Boulevard.

What Are These ASTs?

For the operations of testing, analyzing, and reporting on security vulnerabilities and issues during or after the SDLC process, Application…

USENIX Security ’23 – Rods with Laser Beams: Understanding Browser Fingerprinting on Phishing Pages

Authors/Presenters: Iskander Sanchez-Rola, Leyla Bilge, Davide Balzarotti, Armin Buescher, Petros Efstathopoulos. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong ...

SaaS BOM: The Advantage for Securing SaaS Ecosystems

Introduction It’s not a secret that organizations are increasingly investing in software-as-a-service (SaaS) solutions. It’s not just about keeping pace with competitors; it’s about maximizing efficiency, enhancing collaboration, and ...

Using Open-Source and Built-In Tools for Supply Chain Validation

The post Using Open-Source and Built-In Tools for Supply Chain Validation appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post Using Open-Source and Built-In Tools for Supply Chain Validation appeared first ...

Legacy Systems: Learning From Past Mistakes

Legacy systems are attractive targets to bad actors because outdated components often mean that security vulnerabilities remain unpatched, offering exploitable footholds. “End of life” does not mean “end of vulnerability.” The post ...

Randall Munroe’s XKCD ‘Ocean Loop’

via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Ocean Loop’ appeared first on Security Boulevard.