Application Security

This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us. We also discuss whether Secure by Design's goals are practical or not. OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet. Also, Wat...

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more on the Security Weekly News.

This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response. Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish. Is it bad that 70% of DevSecOps profe...

The five vulnerabilities could lead to local privilege escalation without user interaction.

In this week's interview, Melinda Marks' joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Cloud-Native Development delves into many aspects and trends affecting AppSec as it matures, particularly in cloud-first organizations. We also discuss the fuzzy line between "cloud-native" AppSec and ev...

Raj Mallempati, CEO of BlueFlag Security, has found real joy in creating a new category. But it has not all been easy. Hiring the initial team was a big obstacle, working long hours does occur, and he is always thinking about the business. The most important thing he has done so far is to invest in customer success early and often, gaining trust...

Socket researchers say malicious package "Fabrice" has been live on PyPI since 2021.

Women are increasingly taking on top roles within Russian-speaking threat actor groups.

Generative AI has been the talk of the technology industry for the past 18+ months. Companies are seeing its value, so generative AI budgets are growing. With more and more AI agents expected in the coming years, it’s essential that we are securing how consumers interact with generative AI agents and how developers build AI agents into their apps. ...

Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and whether fuzzing is better), and more! Also check out this presentation from BSides Knoxville that we talked about briefly, https://youtu.be/DLn7Noex_fc?feature=shared