Security news aggregator

Latest coverage for Application Security

Application Security covers flaws in software and services that attackers can exploit to steal data, disrupt systems, or gain access.

2 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Application security is the practice of protecting software and its data throughout design, development, deployment, and maintenance. It covers applications such as web and mobile services, APIs, and the libraries and cloud configurations they depend on. Typical weaknesses include injection, broken access controls, insecure authentication, exposed secrets, unsafe deserialization, and vulnerable third-party components.

These flaws can let an attacker read or alter data, impersonate users, execute unauthorized actions, or gain a foothold in connected systems. Effective defenses include threat modeling and secure coding, peer review, automated testing, dependency and secret scanning, timely vulnerability remediation, and penetration testing for higher-risk functions. Controls must continue after release: logging and application-layer monitoring can help detect abuse, while well-tested access controls, safe configuration, and an incident-response plan limit and investigate exploitation. Vulnerability management should prioritize issues by exploitability, exposure, affected data, and the privileges available through the application.

Showing 2 most recent headlines Filtered view
The Hacker News 2 years, 1 month ago

Cyber Landscape is Evolving - So Should Your SCA

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark.  Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years. Although essential, many platforms

Bank Info Security 2 years, 1 month ago

ISMG Editors: Opening Day Overview of InfoSec Europe 2024

Panel Discusses Trends in Ransomware, Application Security and Generative AIInformation Security Media Group editors are live at InfoSecurity Europe Conference 2024 in London with an overview of opening-day activities and hot topics including the latest ransomware trends, software security, election security and artificial intelligence risks.