Security news aggregator

Latest coverage for Application Security

Application Security covers flaws in software and services that attackers can exploit to steal data, disrupt systems, or gain access.

23 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Application security is the practice of protecting software and its data throughout design, development, deployment, and maintenance. It covers applications such as web and mobile services, APIs, and the libraries and cloud configurations they depend on. Typical weaknesses include injection, broken access controls, insecure authentication, exposed secrets, unsafe deserialization, and vulnerable third-party components.

These flaws can let an attacker read or alter data, impersonate users, execute unauthorized actions, or gain a foothold in connected systems. Effective defenses include threat modeling and secure coding, peer review, automated testing, dependency and secret scanning, timely vulnerability remediation, and penetration testing for higher-risk functions. Controls must continue after release: logging and application-layer monitoring can help detect abuse, while well-tested access controls, safe configuration, and an incident-response plan limit and investigate exploitation. Vulnerability management should prioritize issues by exploitability, exposure, affected data, and the privileges available through the application.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 23 Filtered view

How Claude's New AI Code Scanning Tool Will Challenge Application Security LeadersAnthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.

Bank Info Security 4 months, 3 weeks ago

Why Claude Code Security Has Shaken the Cybersecurity Market

How Claude's New AI Code Scanning Tool Will Challenge Application Security LeadersAnthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.

Bank Info Security 7 months, 1 week ago

Checkmarx Purchases Tromzo to Boost AI Security Automation

Tromzo Acquisition Adds AI Team and Technology for Automated Security RemediationCheckmarx acquired AI security startup Tromzo to jumpstart its roadmap for agentic application security. The deal gives Checkmarx a ready-built platform and team focused on enterprise-grade triage and remediation agents designed to streamline vulnerability management.

Joint Platform to Offer Human-Led, Automated Application Security in One PlaceBugcrowd acquired Mayhem Security to integrate automated application testing with human-led testing capabilities. The company plans to embed Pittsburgh-based Mayhem's reinforcement learning tech and AI models into its broader platform to speed up vulnerability detection.

Calypso’s Red-Teaming and Agentic Threat Tools Boost F5’s Application Security EdgeF5’s latest acquisition brings Dublin, Ireland-based CalypsoAI’s unique AI security stack into its platform to secure application traffic against LLM misuse, data leakage and shadow AI, enhancing protection for hybrid and multi-cloud environments and helping secure apps and APIs.

Bank Info Security 10 months, 1 week ago

UltraViolet Adds AppSec Services Depth With Black Duck Deal

Black Duck AppSec Services Buy Marks Shift Toward Offensive Assessment ServicesUltraViolet Cyber’s acquisition of Black Duck's application security testing services deepens its offensive capabilities and adds 400 people to its global workforce. The deal enables greater integration of assessment and defense across the software development lifecycle.

Bank Info Security 11 months, 2 weeks ago

AI Still Writing Vulnerable Code

GenAI Chooses Insecure Code Nearly Half the Time, Veracode FindsThere's been little improvement in how well AI models handle core security decisions, says a report from application security company Veracode. Large language models introduce vulnerabilities in nearly half of test cases when asked to complete secure code tasks, it found.

Funding Will Fuel R&D Push Into Automated Remediation and Risk Prioritization ToolsWith code increasingly generated by AI and attackers using AI for exploits, OX Security raised $60 million to scale R&D and help developers prioritize critical vulnerabilities. The company aims to close detection gaps and reduce time-to-remediation in application security.

Bank Info Security 1 year, 6 months ago

Exit Interview: CISA's Nitin Natarajan on Threats to Watch

Deputy Director Reflects on Term and Offers Advice to SuccessorsFrom application security to zero trust, it's been a busy four years for the current leaders of the U.S. Cybersecurity and Infrastructure Security Agency. Deputy Director Nitin Natarajan discusses the agency's accomplishments and the threats that await the next administration's cyber leaders.

Bank Info Security 1 year, 7 months ago

Checkmarx CEO: Evolving Supply Chain Threats Demand Action

Checkmarx's Sandeep Johri Details Malicious Code, AI Risks in Application SecurityAs software complexities grow, supply chain security is now essential to application security, according to Sandeep Johri, Checkmarx CEO. Johri discusses the challenges of malicious code, adversarial AI and the market's call for consolidated security platforms.

Buy of Application Security Startup Enhances Code-to-Cloud Vulnerability ManagementWiz acquired application security posture management startup Dazz for $450 million to provide enterprises with a unified code-to-cloud solution. CEO Merav Bahat highlights how this partnership will streamline vulnerability management and strengthen remediation capabilities for global organizations.

Bank Info Security 1 year, 8 months ago

Detectify Eyes AppSec Expansion After Insight Partners Buy

Deal to Drive Application Security, Attack Surface Management Fusion for DetectifyWith Insight Partners as majority owner, Detectify plans to combine application security and attack surface management capabilities. Insight's purchase supports a renewed focus on R&D and engagement with application security professionals in the U.S. and Northern Europe, Detectify’s core markets.

Bank Info Security 1 year, 8 months ago

Socket Accelerates Open-Source Security With $40M Series B

Socket Plans to Triple Headcount After Big Growth, Deliver Open-Source Tools FasterA $40 million Series B investment will support Socket in rapidly scaling its team and product development. Following a 400% revenue increase, the company plans to build on its success by expanding its application security offerings and enterprise support for more programming languages.

Bank Info Security 2 years, 1 month ago

ISMG Editors: Opening Day Overview of InfoSec Europe 2024

Panel Discusses Trends in Ransomware, Application Security and Generative AIInformation Security Media Group editors are live at InfoSecurity Europe Conference 2024 in London with an overview of opening-day activities and hot topics including the latest ransomware trends, software security, election security and artificial intelligence risks.

Bank Info Security 2 years, 2 months ago

Veracode CEO on Mastering Application Security in the AI Era

New CEO Brian Roche on Application Management and the Role of AI in Managing RiskNew Veracode CEO Brian Roche discusses the importance of artificial intelligence in managing application risk, the integration of startup Longbow Security into Veracode's ecosystem, and the convergence of traditional application security with cloud security.

Loading more headlines...