Tag: application-security
-
When AI nukes your database: The dark side of vibe coding
Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trustprivate paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
-
When AI nukes your database: The dark side of vibe coding
Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trustprivate paths, on another instance.Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, toolSoftware supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, toolSoftware supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, toolSoftware supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI.Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat.”Too many organizations have no idea what open-source…
-
UltraViolet Cyber Acquires Application Security Testing Service from Black Duck
Tags: application-security, ceo, cloud, container, cyber, penetration-testing, RedTeam, risk, risk-assessment, service, software, threatUltraViolet Cyber has acquired the application security testing services arm of Black Duck Software as part of an effort to expand the scope of the managed security services it provides. Company CEO Ira Goldstein said this addition to its portfolio will provide penetration testing, red teaming, threat modeling, cloud and container risk assessments, architecture risk..…
-
UltraViolet Cyber Acquires Application Security Testing Service from Black Duck
Tags: application-security, ceo, cloud, container, cyber, penetration-testing, RedTeam, risk, risk-assessment, service, software, threatUltraViolet Cyber has acquired the application security testing services arm of Black Duck Software as part of an effort to expand the scope of the managed security services it provides. Company CEO Ira Goldstein said this addition to its portfolio will provide penetration testing, red teaming, threat modeling, cloud and container risk assessments, architecture risk..…
-
UltraViolet Adds AppSec Services Depth With Black Duck Deal
Black Duck AppSec Services Buy Marks Shift Toward Offensive Assessment Services. UltraViolet Cyber’s acquisition of Black Duck’s application security testing services deepens its offensive capabilities and adds 400 people to its global workforce. The deal enables greater integration of assessment and defense across the software development lifecycle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ultraviolet-adds-appsec-services-depth-black-duck-deal-a-29377
-
LLM06: Excessive Agency FireTail Blog
Tags: access, ai, application-security, best-practice, breach, data, finance, flaw, jobs, LLM, risk, vulnerabilitySep 05, 2025 – Lina Romero – In 2025, we are seeing an unprecedented rise in the volume and scale of AI attacks. Since AI is still a relatively new beast, developers and security teams alike are struggling to keep up with the changing landscape. The OWASP Top 10 Risks for LLMs is a great…
-
UltraViolet Expands AppSec Capabilities With Black Duck’s Testing Business
The addition of Black Duck’s application security testing offering to UltraViolet Cyber’s portfolio helps security teams find and remediate issues earlier in the security lifecycle. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ultraviolet-expands-appsec-capabilities-black-duck-testing-business
-
KI birgt Gefahren und Chancen für die Anwendungssicherheit
Künstliche Intelligenz ist auch beim Erstellen von Anwendungs-Code beliebt wie nie und mittlerweile allgegenwärtig. Doch wo liegen die Gefahren für die Application Security beim unbedachten Einsatz als Coding-Hilfe? Wo die Chancen für den AppSec-Bereich? Cycode hat die Lage analysiert. Generative künstliche Intelligenz verbreitet sich rasant und erleichtert den Arbeitsalltag in vielen Branchen. Teils stößt… First…
-
KI-Coding wird zur riskanten Norm 81 % stellen unsicheren Code bereit
Report »Future of Application Security in the Era of AI« belegt: Unternehmen generieren bis zu 60 % ihres Codes mittels KI-Coding-Assistenten. Allerdings untersagen mittlerweile 20 % deren Nutzung offiziell. Die Studie »Future of Application Security in the Era of AI« von Checkmarx zeichnet ein umfassendes Bild davon, wie KI-gestützte Softwareentwicklung die Risikolandschaft nachhaltig verändert… First…
-
Cyberrisiko KI-Coding Angriffsfläche steigt durch unsicheren Code
Checkmarx hat die Ergebnisse des jährlichen Reports ‘Future of Application Security in the Era of AI” veröffentlicht. Die Studie zeichnet ein umfassendes Bild davon, wie KI-gestützte Softwareentwicklung die Risikolandschaft nachhaltig verändert und gibt konkrete Handlungsempfehlungen für das kommende Jahr. Befragt wurden rund 1.500 CISOs, AppSec-Verantwortliche und Entwickler aus Nordamerika, Europa und dem asiatisch-pazifischen Raum. […]…
-
MobSF Vulnerability Allows Attackers to Upload Malicious Files
Tags: application-security, cyber, exploit, flaw, framework, malicious, mobile, open-source, vulnerabilityCritical security flaws discovered in Mobile Security Framework (MobSF) version 4.4.0 enable authenticated attackers to exploit path traversal and arbitrary file write vulnerabilities, potentially compromising system integrity and exposing sensitive data. Two significant vulnerabilities have been identified in the popular Mobile Security Framework (MobSF), a widely-used open-source mobile application security testing platform. The flaws, tracked…
-
Cutting Through AppSec Noise in the Age of GenAI
The way organizations think about application security is shifting”, fast. OX Security Co-Founder and CEO Neatsun Ziv talks about why the old playbook of “scan, list, and hand over to developers” has run its course. Ziv explains how the flood of vulnerabilities”, now averaging close to 100 new disclosures daily”, collides with today’s resource-strapped security…
-
Künstliche Intelligenz birgt Gefahren und Chancen für die Anwendungssicherheit”‹
Künstliche Intelligenz ist auch beim Erstellen von Anwendungs-Code beliebt wie nie und mittlerweile allgegenwärtig. Doch wo liegen die Gefahren für die Application-Security beim unbedachten Einsatz als Coding-Hilfe? Wo die Chancen für den AppSec-Bereich? Generative künstliche Intelligenz verbreitet sich rasant und erleichtert den Arbeitsalltag in vielen Branchen. Teils stößt GenAI für Mitarbeitende sogar Türen in Geschäftsbereiche…
-
CCSP certification: Exam, cost, requirements, training, salary
Tags: access, application-security, best-practice, china, cloud, compliance, computer, credentials, cybersecurity, data, governance, infosec, infrastructure, jobs, risk, skills, training, usaCCSP vs. CISSP: ISC2 also offers the Certified Information Systems Security Professional (CISSP) certification aimed at upper-level security pros with industry experience. The biggest difference between these two certifications is that the CISSP exam draws from a much broader and more general pool of security knowledge, as it is meant to show that you can design,…
-
Webinar: Why Top Teams Are Prioritizing CodeCloud Mapping in Our 2025 AppSec
Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions.Scary, right? In 2025, the average data…
-
DigiCert Discloses Details of Two Massive DDoS Attacks
DigiCert revealed today that over the last month it has thwarted two separate distributed denial of service (DDoS) attacks that peaked at more than 2.4 and 3.7 terabits per second (Tbps). Carlos Morales, senior vice president and general manager for DDoS and application security at DigiCert, said both attacks were thwarted by UltraDDoS Protect network..…
-
DigiCert Discloses Details of Two Massive DDoS Attacks
DigiCert revealed today that over the last month it has thwarted two separate distributed denial of service (DDoS) attacks that peaked at more than 2.4 and 3.7 terabits per second (Tbps). Carlos Morales, senior vice president and general manager for DDoS and application security at DigiCert, said both attacks were thwarted by UltraDDoS Protect network..…
-
BSidesSF 2025: State Of (Absolute) AppSec
Creator, Author and Presenter: Seth Law, Ariel Shin, Lakshmi Sudheer, Ken Johnson Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no…
-
Security Culture: When Are We Really Creating Change? with Marisa Fagan
Tags: application-securityDiscover insights from The Elephant in AppSec episode with Marisa Fagan. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/security-culture-when-are-we-really-creating-change-with-marisa-fagan/
-
How to build a secure AI culture without shutting people down
In this Help Net Security video, Michael Burch, Director of Application Security at Security Journey, explains how organizations can build a secure AI culture. He highlights … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/26/ai-security-culture-video/
-
How Exposure Management Has Helped Tenable Reduce Risk and Align with the Business
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In the second of a two-part blog series, Tenable CSO Robert Huber shares how exposure management has helped him reduce risk and better align with the business. You can read the entire Exposure…
-
How Exposure Management Has Helped Tenable Reduce Risk and Align with the Business
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In the second of a two-part blog series, Tenable CSO Robert Huber shares how exposure management has helped him reduce risk and better align with the business. You can read the entire Exposure…
-
Do Claude Code Security Reviews Pass the Vibe Check?
AI-assisted security reviews from Anthropic and others could help level up enterprise application security in the era of vibe coding. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/do-claude-code-security-reviews-pass-vibe-check
-
The Future of Pentesting: Can AI Replace Human Expertise? ⎥ Jyoti Raval
Discover insights from The Elephant in AppSec episode with Jyoti Raval First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/the-future-of-pentesting-can-ai-replace-human-expertise-%e2%8e%a5-jyoti-raval/
-
ASPM buyer’s guide: 7 products to help secure your applications
Tags: access, ai, api, application-security, attack, business, ceo, cloud, compliance, container, crowdstrike, data, detection, endpoint, exploit, gartner, google, guide, iam, identity, infrastructure, ivanti, marketplace, microsoft, monitoring, okta, open-source, oracle, programming, risk, software, supply-chain, threat, tool, vulnerability, vulnerability-managementProtect the software development lifecycle (SDLC) and supply chain pipelinesAutomate software testingIntegrate with various applications to mitigate and remove various risksFeatures offered by ASPMs vary widely. As a result, tools can prove difficult to evaluate in terms of exactly what is being protected, what data and metadata is being collected to inform security judgments, and…
-
Three Ways to Ensure Regulatory and Legislative Compliance with non-Oracle Java
Many global regulations and legislations have strict requirements around Java application security, incident reporting, and more. Azul has an unmatched set of solutions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/three-ways-to-ensure-regulatory-and-legislative-compliance-with-non-oracle-java/