Security news aggregator

Latest coverage for Application Security

Application Security covers flaws in software and services that attackers can exploit to steal data, disrupt systems, or gain access.

23 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Application security is the practice of protecting software and its data throughout design, development, deployment, and maintenance. It covers applications such as web and mobile services, APIs, and the libraries and cloud configurations they depend on. Typical weaknesses include injection, broken access controls, insecure authentication, exposed secrets, unsafe deserialization, and vulnerable third-party components.

These flaws can let an attacker read or alter data, impersonate users, execute unauthorized actions, or gain a foothold in connected systems. Effective defenses include threat modeling and secure coding, peer review, automated testing, dependency and secret scanning, timely vulnerability remediation, and penetration testing for higher-risk functions. Controls must continue after release: logging and application-layer monitoring can help detect abuse, while well-tested access controls, safe configuration, and an incident-response plan limit and investigate exploitation. Vulnerability management should prioritize issues by exploitability, exposure, affected data, and the privileges available through the application.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 23 Filtered view

For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its place, a new reality took hold—one defined by alert fatigue and overwhelmed teams

The Hacker News 1 year, 3 months ago

How SSL Misconfigurations Impact Your Attack Surface

When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited.  This highlights how important your SSL configurations are in maintaining your web application security and

The Hacker News 1 year, 5 months ago

Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists.  Non-human identity security represents an emerging

Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the SDLC has never been more essential. Traditional pentesting provides a crucial snapshot of an

Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. The overhead that degrades velocity and puts production deadlines at risk.

The Hacker News 2 years, 1 month ago

Cyber Landscape is Evolving - So Should Your SCA

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark.  Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years. Although essential, many platforms

Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain

The Hacker News 2 years, 4 months ago

Three Tips to Protect Your Secrets from AI Accidents

Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the "OWASP Top 10 For Large Language Models," reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models, but the evolving ways in which they can be attacked and defended. We're going to talk in this

Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications.  The benefits are undeniable; however, this shift presents new security challenges.  OPSWAT's 2023 Web Application Security report reveals: 75% of organizations have modernized their infrastructure this year

Secrets are meant to be hidden or, at the very least, only known to a specific and limited set of individuals (or systems). Otherwise, they aren't really secrets. In personal life, a secret revealed can damage relationships, lead to social stigma, or, at the very least, be embarrassing. In a developer's or application security engineer's professional life, the consequences of exposing secrets

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on costs, reduces risk, and speeds time to development, delivery, and deployment of mission-critical

Loading more headlines...