Tag: application security


Cybersecurity, Security

7 application security startups at RSAC 2024

May 14, 2024

Via: InfoWorld

The innovation hub of RSAC 2024, the RSAC Early Stage Expo was specifically designed to showcase emerging players in the information security industry. Among the 50 exhibitors crammed into the second floor booth space, seven VC-backed up-and-comers in application security […]


Cybersecurity, Security

Application Security vs. API Security: What is the difference?

February 28, 2023

Via: Hacker News

As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components […]


Computing, Software & Applications

Public package repos expose thousands of API security tokens—and they’re active

October 18, 2022

Via: Info World

As part of the development of JFrog Xray’s new Secrets Detection feature, we wanted to test our detection capabilities on as much real world data as possible, both to make sure we eliminate false positives and to catch any errant […]


Computing, Data Management

How to protect your Kubernetes infrastructure from the Argo CD vulnerability

February 23, 2022

Via: Info World

Argo CD is a popular open source, continuous delivery (CD) platform for Kubernetes that is used by hundreds of organizations globally. Recently, a serious vulnerability in Argo CD was uncovered by Apiiro, which enables attackers to access sensitive information such […]


Hacking, Security

2022: The year of software supply chain security

January 4, 2022

Via: Info World

If 2020 was the year that we became acutely aware of the consumer goods supply chain (toilet paper, anyone? Anyone?), then 2021 was the year that the software supply chain rose in our collective consciousness. In perhaps the most infamous […]


Privacy, Security

What app developers need to do now to fight Log4j exploits

December 27, 2021

Via: Info World

Earlier this month, security researchers uncovered a series of major vulnerabilities in the Log4j Java software that is used in tens of thousands of web applications. The code is widely used across consumer and enterprise systems, in everything from Minecraft, […]


Computing, Software & Applications

How developers scrambled to secure the Log4j vulnerability

December 16, 2021

Via: Info World

Last weekend, the internet caught fire, and it is still unclear just how many developers with fire extinguishers will be needed to bring it under control. There was a set of first responders on the scene, however: largely unpaid maintainers […]


Computing, Software & Applications

Securing the Kubernetes software supply chain

December 15, 2021

Via: Info World

Modern software development practices make securing the software supply chain more important than ever. Our code has dependencies on open source libraries which have dependencies on other libraries and so on—a chain of code that we didn’t develop, didn’t compile, […]


Privacy, Security

Integrate security into CI/CD with the Trivy scanner

December 7, 2021

Via: Info World

Attacks on cloud-native infrastructures are on the rise. Research over a six-month period in 2021 shows a 26% increase in attacks on container environments over the previous six months. Malicious actors are targeting the auto-build process, packing the payloads, using […]


Computing, Software & Applications

The race to secure Kubernetes at run time

November 17, 2021

Via: Info World

For software developers who primarily build their applications as a set of microservices deployed using containers and orchestrated with Kubernetes, a whole new set of security considerations has emerged beyond the build phase. Unlike hardening a cluster, defending at run […]


Cybersecurity, Security

Importance of Application Security and Customer Data Protection to a Startup

January 21, 2021

Via: The Hacker News

When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the application security importance may be pushed at […]


Performance, security, and availability

You too? Who’s on the hacker hit list

August 2, 2016

Via: Info World

Some users’ accounts are more attractive to malicious hackers than others. Computer security experts have long focused on local administrators/root — and recently even more on all-powerful network administrators such as members of the domain admin and enterprise admin groups. […]


Performance, security, and availability

Flaws in Symantec products expose millions of computers to hacking

June 30, 2016

Via: Info World

A Google security researcher has found high severity vulnerabilities in enterprise and consumer products from antivirus vendor Symantec that could easily be exploited by hackers to take control of computers. Symantec released patches for the affected products, but while […]


Performance, security, and availability

Attackers are probing and exploiting ImageTragick flaws

May 10, 2016

Via: Info World

Over the past week security researchers have seen increasing attempts by hackers to find servers vulnerable to remote code execution vulnerabilities recently found in the ImageMagick Web server library. The flaws were publicly disclosed last Tuesday by researchers who had […]


Online Tools, Performance, security, and availability

Lenovo patches serious flaw in pre-installed support tool

May 9, 2016

Via: Info World

Lenovo has fixed a vulnerability in its Lenovo Solution Center support tool that could allow attackers to execute code with system privileges and take over computers. The Lenovo Solution Center (LSC) is an application that comes pre-installed on many Lenovo […]