David Lindner, Director, Application Security

AppSec Observer

Insight #1 One of the most significant errors an organization can make is assuming they are not a target. This belief is especially prevalent among small and medium-sized businesses (SMBs), and it represents a dangerous oversight. An estimated 69% of SMBs reported experiencing at least one cyberattack in the last ... Read More

Insight #1 I was at the Kernelcon conference last week and heard that Gen AI is going to wreck development because there will be more vulnerabilities than ever. In the same breath, I heard that Gen AI is going to fix more vulnerabilities faster. Can it be both? ... Read More

Insight #1 A recent report found that security and privacy concerns are holding back the use of artificial intelligence (AI) in organizations. That’s absolutely true, but it’s not the main cause. Rather, the overarching problem that’s hurting adoption is, and will continue to be, the inaccuracy of responses ... Read More

Insight #1 According to Google, zero days being exploited in the wild jumped 50% last year. I just don't understand your thought process if you are not looking at control layers like Runtime Security to help detect and prevent these unknown vulnerabilities ... Read More

Insight #1 Things are well and good in the hacker community, as they are now attacking critical water systems. But honestly, one of the attacks was due to a default admin password on some operations gear. How can we do better? These problems should have been solved by now ... Read More

Insight #1 If you want insight into how difficult security is, look at the Cybersecurity and Infrastructure Security Agency (CISA). The agency was recently breached through a Common Vulnerability and Exposure (CVE) it had placed on its Known Exploited Vulnerabilities (KEV) list. It's difficult out there, folks; keep fighting the ... Read More

Insight #1 If you’re not performing routine tabletop exercises to ensure that your organization is protected from cybersecurity vulnerabilities, you should be. It's one thing to have detailed processes for executing during an incident, but if you never test those processes, how do you know they work? ... Read More

Insight #1 As was made clear by the recent blowup over Google’s Gemini image creation tool last week (it generated “embarrassing and offensive results,” as one publication put it), AI is proving more and more to be unpredictable and biased. How does the industry solve these issues? Do we need ... Read More

Insight #1 The post quantum encryption era is upon us, and Apple is leading the charge to protect against future quantum computing attacks by boosting security on its iMessage platform, adding a new form of message encryption on top of its existing encryption tools ... Read More

Insight #1 How are you protecting your web and application programming interface (API) applications from attack? In 2023, Contrast Protect blocked 12 million legitimate attacks (including zero days such as the recent Confluence remote-code execution [RCE] vulnerability) out of 4 billion detected attack events. What's stopping you from increasing your ... Read More