Contact Us

Free Cloud-Native Application Risk Assessment

Cookies Notice

This site uses cookies to deliver services and to analyze traffic.

Learn more
Ok, Got it

The Apiiro Blog

The latest Risk-Based AppSec & DevSecOps insights

All

Educational

Executive

Technical

Detect Application Architecture Drift Early in the SDLC

Specifications Describe What We Want To Develop The development of cloud-native applications involves multiple individuals working...

Learn More

Apiiro Extends Right! From Code to Runtime

Cloud has transformed the way development teams design, develop, build and deploy applications. Developers are moving...

Learn More

Go Beyond OSS Dependencies with your SBOM

The U.S. Executive Order on Improving the Nation’s Cybersecurity requires a Software Bill of Materials (SBOM)...

Learn More

What You Need to Know: 0-Day Vulnerability in Spring Core Framework (Spring4Shell)

Over the past 24 hours, from the time Cyber Kendra published the initial blog post, there was...

Learn More

Shift-Left API Security: Protect your APIs Before Releasing to the Cloud

APIs are essential to software development and innovation but they are – by their very nature...

Learn More

Detecting Secrets in Code is a Feature, Not a Solution

The market for “Secrets in Code” is booming! A single hardcoded password, token, or API key...

Learn More

Where Cloud-Native Application Security Mistakes are Made: “Known” vs. “Unknown” Vulnerabilities

Application Security leaders often make a foundational mistake when building their AppSec programs: they think from...

Learn More

The OWASP Top 10 – A New Approach for Cloud-Native Applications

The OWASP Top 10 has been an essential guide for Application Security professionals since 2003 –...

Learn More

Malicious Kubernetes Helm Charts can be used to steal sensitive information from Argo CD deployments

Apiiro’s Security Research team has uncovered a major software supply chain 0-day vulnerability (CVE-2022-24348) in Argo...

Learn More

Security at the Design is Not Just Lip Service: AppSec Starts at the User Story

I was speaking with an experienced Application Security Architect recently when he made a stunning statement:...

Learn More

Developer Intentionally Corrupts npm Libraries, Exposing Weaknesses in OSS Supply Chain Security

How developer activity analysis is crucial to detecting rogue developers and repository abuse Fourteen months after...

Learn More

Legacy SAST Has Grown Stale. It’s Time for a New Approach.

Static Application Security Testing (SAST) tools have been the foundation of application security programs for 2...

Learn More

A Leap Forward in Risk-Based Application Security: The Cloud Native Application Protection Platform (CNAPP)

A gap in current thinking has become so obvious and critical that an entirely new approach...

Learn More

Secure Your SDLC to Avoid Being the Source of a Supply Chain Attack

Software Supply Chain attacks have changed the application security landscape and are one of the most...

Learn More

Top 3 Things We’ve Learned in the 5 Months Since Winning the RSA Innovation Sandbox 2021

When Apiiro won the RSA Conference Innovation Sandbox Contest in May, it was in many ways...

Learn More

Part 1: What We Learned from the Twitch Code Leak about Application Security Programs

On Wednesday, Oct. 7 2021, an anonymous 4chan user claimed to have posted 125 GB of...

Learn More

Don’t Just Shift Left! Extend Right with Infra as Code

What’s left to say about Shift Left? Making informed decisions earlier in the development process has...

Learn More

From Phishing to Developers – The New Attack Vector

“Shift Left and Extend Right” is the primary driver for digital transformation, but it is also...

Learn More

Better together: Security Champions and Application Security Engineers

In a previous blog post – Security Alerts: Don’t Developers Have Something Better to Do With...

Learn More

Gartner Continues the Push for Software Supply Chain Security

“By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a...

Learn More

The Secrets about Exposed Secrets in Code

Finding exposed secrets in code sounds simple, doesn’t it? Just look for field names like “password”,...

Learn More

Application Security is Tactical. Application Risk is Strategic

“Security” and “Risk” are often used interchangeably. That is a mistake that has a tangible impact...

Learn More

Application Risk Round Table With Industry Leaders

We recently hosted a round table discussion with top-notch Investors, CISOs, and Risk Management leaders, including:...

Learn More

Risk-Based Change Management for the Entire SDLC

There are many reasons organizations change their applications, infrastructure, and business priorities. Customers demand new features...

Learn More

Shut Down Your Application Security Program

No, I’m not kidding. Shut down your application security program. After speaking with hundreds of organizations...

Learn More

Stop Treating All Applications the Same!

We have a collective prioritization problem. While this is true when analyzing individual applications, it is...

Learn More

Detection and Prevention of Malicious Commits to the PHP Repository

The Motivation On Sunday, March 28th, members of the PHP team identified malicious code commits to...

Learn More

Code Risk is Multi-Dimensional

Call to Action: Transform your AppSec program into an AppRisk program! Today, everything is code! From...

Learn More

Security Alerts: Don’t Developers Have Something Better to Do With Their Time?

In the last two decades, with the rise of mobile, web, and cloud applications with multiple...

Learn More

Visibility in Application and Cloud Security is Ripe for Innovation

Better information leads to better decision-making. That’s not a particularly bold statement. But at the same...

Learn More

Re-Thinking DevSecOps: Moving to a Risk-Based SDLC

How security and compliance are integrated into the development lifecycle needs a fundamental re-examination. Organizations are...

Learn More

Detect and prevent the SolarWinds build-time code injection attack

We have developed a patent-pending technology to detect and prevent SolarWinds-style attacks before shipping binaries to...

Learn More

Top 5 tips to prevent the SolarWinds Solorigate supply chain attack

Vendors in the security industry continue to investigate the supply chain Solorigate attack and its implications...

Learn More

SDLC and DevSecOps – Moving to a Continuous and Simultaneous Model

The world keeps getting faster. People use their phones to do work on the bus. They...

Learn More

Taking security challenges from a board-level discussion to a DevSecOps solution

If you are a CIO or a CISO of a large enterprise, you experience first-hand those...

Learn More

Introducing Apiiro – Reinventing The Secure Development Lifecycle

After almost two decades in the cybersecurity industry with two acquisitions under our belts, I feel...

Learn More