How it Works
Resources
Company

Learn More About Us

About

Careers

Partners

News & Events
Blog

Cookies Notice

This site uses cookies to deliver services and to analyze traffic.

Learn more

Ok, Got it

The Apiiro Blog

The latest Risk-Based AppSec & DevSecOps insights

All

Executive

Technical

Security at the Design is Not Just Lip Service: AppSec Starts at the User Story

I was speaking with an experienced Application Security Architect recently when he made a stunning statement:...

Learn More

Developer Intentionally Corrupts npm Libraries, Exposing Weaknesses in OSS Supply Chain Security

How developer activity analysis is crucial to detecting rogue developers and repository abuse Fourteen months after...

Learn More

Legacy SAST Has Grown Stale. It’s Time for a New Approach.

Static Application Security Testing (SAST) tools have been the foundation of application security programs for 2...

Learn More

A Leap Forward in Risk-Based Application Security: The Cloud Native Application Protection Platform (CNAPP)

A gap in current thinking has become so obvious and critical that an entirely new approach...

Learn More

Secure Your SDLC to Avoid Being the Source of a Supply Chain Attack

Software Supply Chain attacks have changed the application security landscape and are one of the most...

Learn More

Top 3 Things We’ve Learned in the 5 Months Since Winning the RSA Innovation Sandbox 2021

When Apiiro won the RSA Conference Innovation Sandbox Contest in May, it was in many ways...

Learn More

Part 1: What We Learned from the Twitch Code Leak about Application Security Programs

On Wednesday, Oct. 7 2021, an anonymous 4chan user claimed to have posted 125 GB of...

Learn More

Don’t Just Shift Left! Extend Right with Infra as Code

What’s left to say about Shift Left? Making informed decisions earlier in the development process has...

Learn More

From Phishing to Developers – The New Attack Vector

“Shift Left and Extend Right” is the primary driver for digital transformation, but it is also...

Learn More

Better together: Security Champions and Application Security Engineers

In a previous blog post – Security Alerts: Don’t Developers Have Something Better to Do With...

Learn More

Gartner Continues the Push for Software Supply Chain Security

“By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a...

Learn More

The Secrets about Exposed Secrets in Code

Finding exposed secrets in code sounds simple, doesn’t it? Just look for field names like “password”,...

Learn More

Application Security is Tactical. Application Risk is Strategic

“Security” and “Risk” are often used interchangeably. That is a mistake that has a tangible impact...

Learn More

Application Risk Round Table With Industry Leaders

I recently hosted a round table discussion with top-notch Investors, CISOs, and Risk Management leaders, including:...

Learn More

Risk-Based Change Management for the Entire SDLC

There are many reasons organizations change their applications, infrastructure, and business priorities. Customers demand new features...

Learn More

Shut Down Your Application Security Program

No, I’m not kidding. Shut down your application security program. After speaking with hundreds of organizations...

Learn More

Stop Treating All Applications the Same!

We have a collective prioritization problem. While this is true when analyzing individual applications, it is...

Learn More

Detection and Prevention of Malicious Commits to the PHP Repository

The Motivation On Sunday, March 28th, members of the PHP team identified malicious code commits to...

Learn More

Code Risk is Multi-Dimensional

Call to Action: Transform your AppSec program into an AppRisk program! Today, everything is code! From...

Learn More

Security Alerts: Don’t Developers Have Something Better to Do With Their Time?

In the last two decades, with the rise of mobile, web, and cloud applications with multiple...

Learn More

Visibility in Application and Cloud Security is Ripe for Innovation

Better information leads to better decision-making. That’s not a particularly bold statement. But at the same...

Learn More

Re-Thinking DevSecOps: Moving to a Risk-Based SDLC

How security and compliance are integrated into the development lifecycle needs a fundamental re-examination. Organizations are...

Learn More

Detect and prevent the SolarWinds build-time code injection attack

We have developed a patent-pending technology to detect and prevent SolarWinds-style attacks before shipping binaries to...

Learn More

Top 5 tips to prevent the SolarWinds Solorigate supply chain attack

Vendors in the security industry continue to investigate the supply chain Solorigate attack and its implications...

Learn More

SDLC and DevSecOps – Moving to a Continuous and Simultaneous Model

The world keeps getting faster. People use their phones to do work on the bus. They...

Learn More

Taking security challenges from a board-level discussion to a DevSecOps solution

If you are a CIO or a CISO of a large enterprise, you experience first-hand those...

Learn More

Introducing Apiiro – Reinventing The Secure Development Lifecycle

After almost two decades in the cybersecurity industry with two acquisitions under our belts, I feel...

Learn More

Contact Us

Free Code Assessment

Cookies Notice

The Apiiro Blog

Security at the Design is Not Just Lip Service: AppSec Starts at the User Story

Developer Intentionally Corrupts npm Libraries, Exposing Weaknesses in OSS Supply Chain Security

Legacy SAST Has Grown Stale. It’s Time for a New Approach.

A Leap Forward in Risk-Based Application Security: The Cloud Native Application Protection Platform (CNAPP)

Secure Your SDLC to Avoid Being the Source of a Supply Chain Attack

Top 3 Things We’ve Learned in the 5 Months Since Winning the RSA Innovation Sandbox 2021

Part 1: What We Learned from the Twitch Code Leak about Application Security Programs

Don’t Just Shift Left! Extend Right with Infra as Code

From Phishing to Developers – The New Attack Vector

Better together: Security Champions and Application Security Engineers

Gartner Continues the Push for Software Supply Chain Security

The Secrets about Exposed Secrets in Code

Application Security is Tactical. Application Risk is Strategic

Application Risk Round Table With Industry Leaders

Risk-Based Change Management for the Entire SDLC

Shut Down Your Application Security Program

Stop Treating All Applications the Same!

Detection and Prevention of Malicious Commits to the PHP Repository

Code Risk is Multi-Dimensional

Security Alerts: Don’t Developers Have Something Better to Do With Their Time?

Visibility in Application and Cloud Security is Ripe for Innovation

Re-Thinking DevSecOps: Moving to a Risk-Based SDLC

Detect and prevent the SolarWinds build-time code injection attack

Top 5 tips to prevent the SolarWinds Solorigate supply chain attack

SDLC and DevSecOps – Moving to a Continuous and Simultaneous Model

Taking security challenges from a board-level discussion to a DevSecOps solution

Introducing Apiiro – Reinventing The Secure Development Lifecycle

Book a Demo