Security news aggregator

Latest coverage for Application Security

Application Security covers flaws in software and services that attackers can exploit to steal data, disrupt systems, or gain access.

112 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Application security is the practice of protecting software and its data throughout design, development, deployment, and maintenance. It covers applications such as web and mobile services, APIs, and the libraries and cloud configurations they depend on. Typical weaknesses include injection, broken access controls, insecure authentication, exposed secrets, unsafe deserialization, and vulnerable third-party components.

These flaws can let an attacker read or alter data, impersonate users, execute unauthorized actions, or gain a foothold in connected systems. Effective defenses include threat modeling and secure coding, peer review, automated testing, dependency and secret scanning, timely vulnerability remediation, and penetration testing for higher-risk functions. Controls must continue after release: logging and application-layer monitoring can help detect abuse, while well-tested access controls, safe configuration, and an incident-response plan limit and investigate exploitation. Vulnerability management should prioritize issues by exploitability, exposure, affected data, and the privileges available through the application.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 112 Filtered view
Bank Info Security 3 months, 2 weeks ago

Where AI Labs Will and Won't Disrupt Cybersecurity

Foundation Capital's Sid Trivedi on the Three Markets AI Labs Can't Easily EnterAI labs are moving into application security, but three structural barriers define where they won't go, and that's where the next generation of durable security companies will be built, said Sid Trivedi, partner at Foundation Capital.

How Claude's New AI Code Scanning Tool Will Challenge Application Security LeadersAnthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.

Bank Info Security 4 months, 3 weeks ago

Why Claude Code Security Has Shaken the Cybersecurity Market

How Claude's New AI Code Scanning Tool Will Challenge Application Security LeadersAnthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.

Bank Info Security 7 months, 1 week ago

Checkmarx Purchases Tromzo to Boost AI Security Automation

Tromzo Acquisition Adds AI Team and Technology for Automated Security RemediationCheckmarx acquired AI security startup Tromzo to jumpstart its roadmap for agentic application security. The deal gives Checkmarx a ready-built platform and team focused on enterprise-grade triage and remediation agents designed to streamline vulnerability management.

Risk list highlights misconfigs, supply chain failures, and singles out prompt injection in AI apps The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains the top issue, security misconfiguration is a strong second, and software supply chain issues are still prominent.…

Joint Platform to Offer Human-Led, Automated Application Security in One PlaceBugcrowd acquired Mayhem Security to integrate automated application testing with human-led testing capabilities. The company plans to embed Pittsburgh-based Mayhem's reinforcement learning tech and AI models into its broader platform to speed up vulnerability detection.

Calypso’s Red-Teaming and Agentic Threat Tools Boost F5’s Application Security EdgeF5’s latest acquisition brings Dublin, Ireland-based CalypsoAI’s unique AI security stack into its platform to secure application traffic against LLM misuse, data leakage and shadow AI, enhancing protection for hybrid and multi-cloud environments and helping secure apps and APIs.

Bank Info Security 10 months, 1 week ago

UltraViolet Adds AppSec Services Depth With Black Duck Deal

Black Duck AppSec Services Buy Marks Shift Toward Offensive Assessment ServicesUltraViolet Cyber’s acquisition of Black Duck's application security testing services deepens its offensive capabilities and adds 400 people to its global workforce. The deal enables greater integration of assessment and defense across the software development lifecycle.

The Register 10 months, 1 week ago

Boffins build automated Android bug hunting system

AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.…

Bank Info Security 11 months, 2 weeks ago

AI Still Writing Vulnerable Code

GenAI Chooses Insecure Code Nearly Half the Time, Veracode FindsThere's been little improvement in how well AI models handle core security decisions, says a report from application security company Veracode. Large language models introduce vulnerabilities in nearly half of test cases when asked to complete secure code tasks, it found.

Loading more headlines...