Application Security

Application Security | News, how-tos, features, reviews, and videos

cloud computing / cloud network
Digital bugs amid binary code. [security threats / malware / breach / hack / attack]

A network of connected virtual container blocks.

Most reported CVEs for Docker Hub images are harmless

JFrog used Xray Container Contextual Analysis to scan the 200 most popular community images in Docker Hub, then tallied the results for the 10 most common CVEs. 78% were not exploitable.

Multiple keys.

Public package repos expose thousands of API security tokens—and they’re active

JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways.

teamwork / developers / programmers / collaboration / conversation, discussion, gesturing

Enterprises embrace devsecops practices against supply chain attacks

Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...

Two developers collaborate on a project as they review code on a display in their workspace.

AutoRabit launches devsecops tool for Salesforce environments

CodeScan Shield comes with a new module, OrgScan, which governs organizational policies by enforcing the security and compliance rules mandated for Salesforce environments.

broken chain metal link breach security

Security is hard and won’t get much easier

Software systems are complex, and development teams have conflicting goals. Oh, and people are imperfect.

bucket with holes breach security vulnerability

Kubescape boosts Kubernetes scanning capabilities

End-to-end open source security platform for Kubernetes has added vulnerability scanning for code repositories and container image registries.

digital identity / authentication

Zero-knowledge proof finds new life in the blockchain

ZKP has decades of history in computer science and cryptography. Now, it's evolving to support decentralized authentication for blockchains and web3.

chess strategy competition

How Cloudflare emerged to take on AWS, Azure, and GCP

The upstart internet security and edge infrastructure company has reinvented itself to challenge the hyperscale cloud providers. Can it succeed?

cloud security data breach crime accessible

It’s past time to figure out cross-cloud security

The people deploying multicloud will tell you that 'security is a nightmare.' Cross-cloud abstraction and automation of security services is the right solution.

analyze / inspect / examine / find / research / magnifying glass

Build SBOMs with Microsoft’s SPDX SBOM generator

Microsoft is making its internal, cross-platform, software bill of materials generation tool public and open source.

An exclamation-mark alert in a field of abstract technology.

7 biggest Kubernetes security mistakes

The most dangerous security holes are often the most basic. Start improving your Kubernetes security posture by fixing these simple mistakes.

Binary chain links of data  >  Blockchain / blockchain security / linked elements

How we’ll solve software supply chain security

Security teams need a standard set of processes for locking down roots of trust for software artifacts, and developers need a clear path to balance open source selection against security policies. Open source has answers.

data security / padlock / binary code / digital display

Securing data at rest and data in motion

The threats to your company’s data are many and varied, and so are the techniques for keeping that data safe and secure.

A broken link in a digital chaing / weakness / vulnerability

Software developers have a supply chain security problem

Every day, software developers implicitly trust software packages, container images, dependency maintainers, repository operators, and build systems that we don’t know anything about. It’s the opposite of Zero Trust.

9 cido Venetian carnival masks

Identity, trust, and their role in modern applications

Identity, trust, and trust sharing are indispensable to our belief in the validity of the services we interact with on the internet.

security monitoring

Sysdig Secure update adds ability to stop container attacks at runtime

Sysdig's Drift Control detects and stops attempts to run packages or binary files that were added or modified at runtime.

nw speedometer speed measuring by geralt via pixabay linda perez johannessen via unsplash 2400x1600

7 devops practices to improve application performance

Devops is tough, but the choice between faster development and improving reliability shouldn't be. Consider shifting-left security, better observability, AIops platforms, and more.

conveyor production continuity distribution shipping

Are you ready to automate continuous deployment in CI/CD?

Making the leap from continuous delivery to continuous deployment requires the right skills, practices, and tools. Use this five-point checklist to prepare for launch.

Load More