Application Security

Application Security | News, how-tos, features, reviews, and videos

2022: The year of software supply chain security

Strengthening the software supply chain must be priority No. 1 in the new year. Here are three areas to focus on.

What app developers need to do now to fight Log4j exploits

Why you may already be at risk, how to detect and mitigate the Log4j vulnerabilities now, and how to improve your code security in the future.

Why SBOM management is no longer optional

In the aftermath of Log4Shell, generating software bills of materials and quickly accessing their information will be critical to addressing the new realities of software supply chain vulnerabilities and attacks.

How developers scrambled to secure the Log4j vulnerability

A group of developers and maintainers scrambled to secure the Log4j vulnerability over the weekend, but there is still a lot of work to do to clean up the mess.

Securing the Kubernetes software supply chain

Microsoft’s Ratify proposal adds a verification workflow to Kubernetes container deployment.

How to detect the Log4j vulnerability in your applications

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours?

Integrate security into CI/CD with the Trivy scanner

Open source Trivy plugs into the software build process and scans container images and infrastructure-as-code files for vulnerabilities and misconfigurations.

A quick guide to modern cryptography

Understand the crypto concepts behind the modern internet security infrastructure, from digital signatures and transport layer security to blockchains and Bitcoin.

The race to secure Kubernetes at run time

A new wave of startups is looking to help developers secure their containerized applications after they go into production. Is this the future of application security?

3 reasons devops must integrate agile and ITSM tools

Automation and integration are key for companies hoping to modernize dev, ops, and security workflows.

How to prevent CSRF attacks in ASP.NET Core

Take advantage of anti-forgery tokens in ASP.NET Core to protect users of your applications against cross site request forgery exploits.

How to secure cloud infrastructure across the development lifecycle

Empowering cloud teams with automated policy-as-code guardrails helps them move faster and more securely.

How to secure REST with Spring Security

Setting up authentication and access control in Spring Security is painstaking, but you can draw on very powerful capabilities. Here’s how to get started.

Security blind spots persist as companies cross-breed security with devops

As devops matures into devsecops, cultural obstacles continue to exert drag.

How to use Auth0 with Node.js and Express

Learn how to add Auth0 log-in capabilities to a Node.js/Express app and use authenticated user info to show/hide UI information and secure APIs.

Solving authorization for software developers

We wouldn’t roll our own cloud orchestration or payment processing software. Why are we still building our own authorization infrastructure?

Go fuzz to catch hard-to-find bugs in Go

The native Go fuzz testing tool is now ready for beta testing but won’t be included in the upcoming release of the language.

7 keys to selecting a low-code platform

These platforms offer great potential, but capabilities vary widely. Take time to study the options.
