AppSec

This is How Orchestration Can Break the AppSec Stalemate

| | AppSec, Blog
Since joining ZeroNorth, I’ve spent a lot of time meeting with companies to discuss the challenges and opportunities… The post This is How Orchestration Can Break the AppSec Stalemate appeared first on ...
Blog | ZeroNorth
Two Years After the Release of the 2017 OWASP Top Ten, Limited Improvements Shown

Two Years After the Release of the 2017 OWASP Top Ten, Limited Improvements Shown

| | AppSec, security
Contrast Labs finds that 71% of applications have at least one OWASP Top Ten vulnerability when onboarded to Contrast Assess ...
Security Influencers Blog
WhatsApp Security Flaw Stems from Vulnerable Open Source Library

What Developers Need to Know About WhatsApp’s Recent Security Dilemma

| | application health, AppSec, embedded malicious code, Industry commentary, malware prevention, open source application scan
Last week, reports, like this one from Dark Reading, surfaced a remotely exploitable bug found in Facebook’s popular WhatsApp chat app, that spies on users and specifically targeted human rights groups. Facebook ...
Sonatype Blog

Why Does Security Matter For DevOps?

| | Application Security, AppSec, DEVOPS, devops frameworks, enterprise security, Post developers/devops, security, women in devops, Women In Tech
If you had $10,000, would you rather build a deck for your home or a fence? ...
Sonatype Blog
null

Advancing Application Delivery

| | application, AppSec, continuous delivery, delivery pipeline, Deployment Pipeline, pipelines, Post security/devsecops
Are you in an organization implementing Continuous Delivery? Are you a manager who wants to see your applications respond at the pace of the market - or better, be in front of ...
Sonatype Blog

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

| | 2019 State of the Software Supply Chain Report, Application Security, AppSec, Data Security, Open Source Security, security
How’s that deodorant of yours working? If you wanted to hear yesterday’s presentation you had to crowd in, close -- it was standing room only. Sonatype’s Derek Weeks (@weekstweets) presented at Global ...
Sonatype Blog
Why you need to be thinking about API Security

Why you need to be thinking about API Security

| | api, API security, Application Security Awareness, Application Security Trends, Application Security Vulnerabilities, AppSec, AppSec Tips & Best Practices, Blog, OWASP API Security Project, Secure Application Development
As cyber attackers continue to take advantage of vulnerable people, processes, and technology, they are now expanding their operations beyond “traditional” targets. It seems that nothing is outside of their jurisdiction and ...
Blog – Checkmarx
SCA Data rolled up into the dashboard in Fortify on Demand

New Micro Focus, Sonatype Partnership Provides 360 Degree View of AppSec

| | AppSec, DevSecOps, Fortify, micro focus, Post security/devsecops, Product
In today’s world, we know that most security breaches occur because of application vulnerabilities. We also know that most typical software applications are, on average, comprised of 85% open source software. These ...
Sonatype Blog

Security Should Stop Being a Drag

| | AppSec, deployment, Deployment Pipeline, DevSecOps, FEATURED, Industry commentary, Post security/devsecops, shift left
About a year ago during my talk at the Nexus User Conference, and during a Virtual Session for RSA Conference APJ, I mentioned that a pipeline shouldn’t fail just because a security ...
Sonatype Blog
Better, Faster, Stronger: Nexus Lifecycle's Improved JIRA Add-on Gives Developers and AppSec Something to High-Five About

Better, Faster, Stronger: Nexus Lifecycle’s Improved JIRA Add-on Gives Developers and AppSec Something to High-Five About

| | Application Security, AppSec, bug triage, FEATURED, jira, Nexus Lifecycle, Product
We’re happy to announce another helpful integration for Nexus Lifecycle -- our new and improved Nexus IQ Add-on for JIRA! Anyone involved in the product development process knows just how critical Atlassian’s ...
Sonatype Blog