Contact Us

Free Code & Cloud Application Risk Assessment

Cookies Notice

This site uses cookies to deliver services and to analyze traffic.

Learn more
Ok, Got it

Apiiro Blog

Insights, research, and product news at the intersection of application security, DevSecOps, risk management, and software supply chain security.

All

Company News

Educational

Executive

Product

Research

Technical

Go beyond detection with Apiiro’s new actionable secrets security features

Managing secrets at the scale of modern development is also more complex than ever. Apiiro goes beyond secrets detection with new secrets security features including grouping and surfacing valid, invalid, or revoked insights.

Learn More

The 6 non-negotiables of reducing modern application attack surfaces

With just traditional tooling and manual processes, it’s nearly impossible for security teams to accurately map their application attack surfaces. Here are six essentials to effectively map and reduce application attack surfaces at scale.

Learn More

Automating material code change detection for application risk reduction and continuous compliance

How can AppSec teams keep pace with the rate of change, reliably surface changes that introduce risk, and ensure regulatory compliance—all without slowing down development?

Learn More

Top 5 AppSec metrics to track, right from Apiiro’s new dashboards

New overall and solution-specific dashboard tiles provide visual insights into important application security KPIs such as MTTR, risks over time, development velocity, material changes, and more.

Learn More

Self-enhancing pattern detection with LLMs: Our answer to uncovering malicious packages at scale

Our approach to identifying malicious open-source packages combines LLMs with proprietary pattern detection and self-enhancement to improve accuracy at scale.

Learn More

The eXtended Software Bill of Materials (XBOM): A Game Changer for Application and Supply Chain Security

Introducing XBOM, our up-leveled approach to SBOM that provides unified visibility across all application and supply chain components, their connections, risks, and more.

Learn More

Software supply chain attacks caused PyPI to temporarily suspend new users and projects

In response to overwhelming malicious activity, PyPI temporarily suspended the creation of all new users and projects.

Learn More

4 highlights from the 2023 Gartner® Innovation Insight for Application Security Posture Management (ASPM)

Over the past few decades, application security has seen dozens of market categories, hundreds of new...

Learn More

Say Hello to Apiiro’s New Risk Graph™ Explorer

Modern applications are more complex, interconnected, and ephemeral than ever. They’re made up of countless code...

Learn More

Apiiro partners with Nuaware to transform how companies in EMEA secure their cloud applications

Applications are becoming more distributed, interconnected, and dependent on third-party components than ever.

Learn More

Security industry veteran Moti Gindi joins the Apiiro as Chief Product Officer

Microsoft Defender founder, Moti Gindi, joins as Apiiro’s chief product officer to push Apiiro into the next hypergrowth phase.

Learn More

Apiiro’s AI engine detected a software supply chain attack in PyPI

The Apiiro AI engine discovered a malicious Python package that is currently presented on the python PyPI package management portal.

Learn More

Stop wasting your time on irrelevant changes while developing software

Find out how you can identify and fix material changes with Apiiro so your developers can focus on bringing more value to customers!

Learn More

Dropbox developer account breached: 130 private repositories, secrets leak

The latest incident involves Dropbox and relates to exposed secrets from 130 private repositories belonging to the company.

Learn More

OpenSSL 3.0.7: Newest vulnerability patch aftermath

The latest release of OpenSSL contains a patch for recent vulnerabilities and announced just a week ago on October 25th.

Learn More

New OpenSSL critical CVE: What you need to know

A few days ago OpenSSL, the widely-used cryptography/TLS  project released a very rare announcement that notified...

Learn More

Inside Toyota’s secret leak from a supply chain vulnerability

A recent leak of almost 300,000 of Toyota's customer emails and control numbers showcases the risks of exposed secrets in code.

Learn More

8 key NIST guidelines in new federal regulations to be aware of

Find our strategies to build cybersecurity around the NIST guidelines that form new regulations announced by the White House.

Learn More

The practical guide to software bill of materials (SBOM)

Software bill of materials is a document that provides tracking for all of the key elements in the software development supply chain.

Learn More

How to mitigate API risks during development

To effectively monitor security of APIs, you need to take the necessary steps and know what to look for in API code.

Learn More

Detect application architecture drift early in the SDLC

Find out how to detect cloud-native application architecture drift and deal with it early in the SDLC.

Learn More

Apiiro extends right! From code to runtime

Cloud has transformed the way development teams design, develop, build and deploy applications. Developers are moving...

Learn More

Go beyond OSS dependencies with your SBOM

A comprehensive Software Bill of Materials (SBOM) provides full visibility to what makes up software including its cloud components.

Learn More

What you need to know: 0-day vulnerability in Spring core framework (Spring4Shell)

What is Spring-Core remote code execution (RCE) vulnerability (“Spring4Shell”)? Here is what you should know.

Learn More

Shift-left API security: Protect your APIs before releasing to the cloud

Learn how to shift left security and proactively fix API code risks early in the software development lifecycle.

Learn More

Detecting Secrets in Code is a Feature, Not a Solution

Detecting and remediating secrets is only one piece of the AppSec puzzle. Issues must be understood with context alongside other security risks.

Learn More

Where cloud-native AppSec mistakes are made: Known vs. unknown vulnerabilities

Attackers are always looking for the path of least resistance. Be sure to address simple known risks to close those gaps.

Learn More

The OWASP Top 10: A new approach for cloud-native applications

With the rise of cloud-native applications, we need to change our approach to application security - not to the Top 10 itself, but how we understand and remediate Top 10 vulnerabilities.

Learn More

Malicious Kubernetes Helm charts can be used to steal sensitive information from Argo CD deployments

Apiiro's Security Research team has discovered a major vulnerability in Argo CD platform (CVE-2022-24348).

Learn More

Security during design isn’t just lip service: AppSec starts at the user story

AppSec starts at the user story. Since the speed of development has grown rapidly over the past few years, “security during design” is critical.

Learn More

Developer intentionally corrupts npm libraries, exposing weaknesses in OSS supply chain security

A rogue developer intentionally corrupted npm libraries, showing the need for developer activity analysis in supply chain security.

Learn More

Legacy SAST has grown stale: It’s time for a new approach

Static application security testing has been vital to AppSec programs for decades, but SAST lacks the context to keep up with DevOps.

Learn More

A leap forward in risk-based AppSec: The cloud native application protection platform (CNAPP)

The Cloud Native Application Protection Platform (CNAPP) is a new market definition of an integrated approach to secure cloud-native apps.

Learn More

Secure your SDLC to avoid being the source of a supply chain attack

Software supply chain attacks have changed AppSec. SolarWinds, Codecov, and more show a need for defense from design to code to cloud.

Learn More

Top 3 things we learned since winning the RSA Innovation Sandbox

Apiiro won the RSA Conference Innovation Sandbox Contest in May 2021 and we’ve been learning the following lessons since then.

Learn More

Part 1: What we learned about AppSec programs from the Twitch code leak

On Wednesday, Oct. 7 2021, an anonymous 4chan user claimed to have posted 125 GB of...

Learn More

Don’t just shift left! Extend across layers with infrastructure as code security

Businesses can do more than shift left. “Extending right” by incorporating IaC processes increases agility and improves security.

Learn More

From phishing to developers: What are the new attack vectors?

Developers are getting more responsibility and as a result, attackers can use developer identities to gain system access.

Learn More

Better together: Security champions and application security engineers

Application security engineers and security champions must work together to achieve AppSec goals and a secure software development lifecycle.

Learn More

Gartner continues the push for software supply chain security

Gartner reports there are escalating threats to software supply chains. Discover the Apiiro platform’s supply chain security capabilities.

Learn More

The secrets about exposed secrets in code

Understanding and remediating the risk of secrets in code cannot be done in isolation. Learn how to do both.

Learn More

Application security is tactical. Application risk is strategic.

Put simply: your board doesn’t care about application security. It cares about application risk, which includes both security and compliance.

Learn More

Risk-based change management for the entire SDLC

We need to take a new, risk-based approach to change management for the SDLC - and it needs to span from design to code to cloud.

Learn More

Shut down your application security program

Is your application security program aligned with your business goals and tolerance for risk? Here's how to find out.

Learn More

Stop treating all applications the same: Business impact and your AppSec program

We have a collective prioritization problem. While this is true when analyzing individual applications, it is...

Learn More

Detection and prevention of malicious commits to the PHP repository

This blog demonstrates some of Apiiro’s anomaly detection capabilities that are used by our clients to protect and secure their repositories.

Learn More

Code risk is multi-dimensional: How to build an AppRisk program

A multi-dimensional approach to code risk analysis can optimize processes by focusing SDLC tools on the “changes that matter most.”

Learn More

Security Alerts: Don’t developers have something better to do with their time?

Dealing with security alerts is a daunting task for developers and security architects as it requires much time and resources to review and triage them.

Learn More

Visibility in application and cloud security is ripe for innovation

Better information leads to better decision-making. That’s not a particularly bold statement. But at the same...

Learn More

Rethinking DevSecOps: Moving to a risk-based SDLC

Current approaches to DevSecOps fail to fully automate existing app and cloud security processes, which are periodic and do not scale.

Learn More

Detect and prevent the SolarWinds build-time code injection attack

Apiiro has developed a patent-pending technology to detect and prevent SolarWinds-style attacks before shipping binaries to production.

Learn More

Top 5 tips to prevent the SolarWinds Solorigate supply chain attack

Consider how to identify risky material code changes and prevent them from being deployed in the first place.

Learn More

SDLC and DevSecOps: Moving to a continuous and simultaneous model

By moving to continuous and simultaneous model, you are able to improve the speed of the entire DevOps process.

Learn More

Taking security challenges from a board-level discussion to a DevSecOps solution

Enterprises that allow developers to be responsible for the end-to-end delivery are at the forefront of Digital Transformation.

Learn More

Introducing Apiiro: Reinventing the secure development lifecycle

Apiiro's solution accelerates delivery and go-to-market by bridging the gap between development, security, and compliance teams.

Learn More