Detecting vulnerable code in software dependencies is more complex than it seems

In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional sof… Continue reading Detecting vulnerable code in software dependencies is more complex than it seems

High number of security flaws found in EMEA-developed apps

Applications developed by organizations in Europe, Middle East and Africa tend to contain more security flaws than those created by their US counterparts, according to Veracode. Across all regions analysed, EMEA also has the highest percentage of ‘high… Continue reading High number of security flaws found in EMEA-developed apps

Ecommerce retailers facing a 350% increase in fraudulent online orders

As the holiday shopping season hits full stride, ecommerce retailers across Europe face a new era of malicious attacks spurred by a COVID-inspired transformation in ecommerce and a 350% increase in fraudulent online orders, according to data published … Continue reading Ecommerce retailers facing a 350% increase in fraudulent online orders

Increasing speed of vulnerability scans ultimately increases security fixes overall

Next-generation static application security testing (SAST) and intelligent software composition analysis (SCA) can increase the speed of vulnerability scans and narrow their scope to highlight reachable issues, a ShiftLeft report reveals. This ultimate… Continue reading Increasing speed of vulnerability scans ultimately increases security fixes overall

The basics of security code review

With staffing ratios often more than 200 developers for every AppSec professional, scaling security requires increasing the developer’s engagement in securing the product. To do that, developers must be responsible for the security of the code they wri… Continue reading The basics of security code review

Salesforce DevSecOps: Avoiding Arrested Development

Salesforce is a feature-rich SaaS platform designed for custom development and user modification. Its business power is driven by the ease of customization from both AppExchange downloads and its massive developer ecosystem. However, when Salesforce i… Continue reading Salesforce DevSecOps: Avoiding Arrested Development

Announcing ShiftLeft CORE — A Code Security Platform

Announcing ShiftLeft CORE — A Code Security Platform
We are excited to announce the launch of our new platform — ShiftLeft CORE! The word platform is often overused and misused. Many companies rename their existing products and acquisitions, rearrange … Continue reading Announcing ShiftLeft CORE — A Code Security Platform

What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA

The BSIMM is an annual study of the real-world software security initiatives – “SSIs” in the report – across the software industry drawing from data and experience from 130 organizations. Rather than repeat the aim of the study, this quote sums it… Continue reading What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA

It’s Time to Update Your Drupal Now!

As part of our ongoing mission to help organizations develop and deploy more secure software and applications, and in light of Checkmarx’s expanded insight into the open source security landscape with its recently launched SCA solution, the Check… Continue reading It’s Time to Update Your Drupal Now!

Cooking up secure code: A foolproof recipe for open source

The use of open source code in modern software has become nearly ubiquitous. It makes perfect sense: facing ever-increasing pressures to accelerate the rate at which new applications are delivered, developers value the ready-made aspect of open source … Continue reading Cooking up secure code: A foolproof recipe for open source