Official CheckMarx Jenkins package compromised with infostealer
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]
Stay updated on Application Security trends and threats. Dive into the latest appsec news, expert insights, and solutions for robust app protection.
Background for this topic.
Application Security is the practice of defending applications from threats and vulnerabilities throughout their entire lifecycle. In the context of information security, it encompasses the hardware, software, and processes that are used to close security gaps in applications during their design, development, deployment, upgrade, and maintenance phases.
Application security involves various methodologies and tools to protect applications against a wide range of threats such as data breaches, malware attacks, and other security incidents that can exploit weaknesses in an application's code, design, or deployment environment. Techniques used in application security include static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and runtime application self-protection (RASP).
Effective application security is critical, as applications are often an entry point for attackers to infiltrate a network and access sensitive data. Therefore, maintaining robust application security helps to ensure the confidentiality, integrity, and availability of both the application and the data it processes and stores.
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. [...]
Bitwarden CLI, the command-line interface for the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign, according to findings from JFrog and Socket.
In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace.
Foundation Capital's Sid Trivedi on the Three Markets AI Labs Can't Easily Enter
AI labs are moving into application security, but three structural barriers define where they won't go, and that's where the next generation of durable security companies will be built, said Sid Trivedi, partner at Foundation Capital.
Costanoa Ventures' John Cowgill on Moving From Static Analysis to Runtime Defense
Artificial intelligence-generated code is arriving faster than security teams can review it, and the risks are moving from the line level to the system level, says John Cowgill, partner at Costanoa Ventures.
How Claude's New AI Code Scanning Tool Will Challenge Application Security Leaders
Anthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.
In 2025, these startups have reimagined browser security, pioneered application security for AI-generated code, and are building consensus on agentic vs. human costs.
Take part in the new survey from Dark Reading and help uncover trends, challenges, and solutions shaping the future of application security.
Tromzo Acquisition Adds AI Team and Technology for Automated Security Remediation
Checkmarx acquired AI security startup Tromzo to jumpstart its roadmap for agentic application security. The deal gives Checkmarx a ready-built platform and team focused on enterprise-grade triage and remediation agents designed to streamline vulnerability management.
Risk list highlights misconfigs, supply chain failures, and singles out prompt injection in AI apps
The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains the top issue, security misconfiguration is a strong second, and software supply chain issues are still prominent.…
Joint Platform to Offer Human-Led, Automated Application Security in One Place
Bugcrowd acquired Mayhem Security to integrate automated application testing with human-led testing capabilities. The company plans to embed Pittsburgh-based Mayhem's reinforcement learning tech and AI models into its broader platform to speed up vulnerability detection.
Calypso’s Red-Teaming and Agentic Threat Tools Boost F5’s Application Security Edge
F5’s latest acquisition brings Dublin, Ireland-based CalypsoAI’s unique AI security stack into its platform to secure application traffic against LLM misuse, data leakage and shadow AI, enhancing protection for hybrid and multi-cloud environments and helping secure apps and APIs.
Black Duck AppSec Services Buy Marks Shift Toward Offensive Assessment Services
UltraViolet Cyber’s acquisition of Black Duck's application security testing services deepens its offensive capabilities and adds 400 people to its global workforce. The deal enables greater integration of assessment and defense across the software development lifecycle.
AI agent system said to have found more than 100 zero-day flaws in production apps
AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.…
The addition of Black Duck's application security testing offering to UltraViolet Cyber's portfolio helps security teams find and remediate issues earlier in the security lifecycle.
AI-assisted security reviews from Anthropic and others could help level up enterprise application security in the era of vibe coding.
GenAI Chooses Insecure Code Nearly Half the Time, Veracode Finds
There's been little improvement in how well AI models handle core security decisions, says a report from application security company Veracode. Large language models introduce vulnerabilities in nearly half of test cases when asked to complete secure code tasks, it found.
From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater