Cookies Notice

This site uses cookies to deliver services and to analyze traffic.

Learn more
Ok, Got it

The AppRisk Blog

The latest Risk-Based AppSec & DevSecOps insights

Better together: Security Champions and Application Security Engineers

In a previous blog post – Security Alerts: Don’t Developers Have Something Better to Do With...

Learn More

Gartner Continues the Push for Software Supply Chain Security

“By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a...

Learn More

The Secrets about Secrets in Code

Finding secrets in code sounds simple, doesn’t it? Just look for field names like “password”, “token”,...

Learn More

Application Security is Tactical. Application Risk is Strategic

“Security” and “Risk” are often used interchangeably. That is a mistake that has a tangible impact...

Learn More

Application Risk Round Table With Industry Leaders

I recently hosted a round table discussion with top-notch Investors, CISOs, and Risk Management leaders, including:...

Learn More

Risk-Based Change Management for the Entire SDLC

There are many reasons organizations change their applications, infrastructure, and business priorities. Customers demand new features...

Learn More

Shut Down Your Application Security Program

No, I’m not kidding. Shut down your application security program. After speaking with hundreds of organizations...

Learn More

Stop Treating All Applications the Same!

We have a collective prioritization problem. While this is true when analyzing individual applications, it is...

Learn More

Detection and Prevention of Malicious Commits to the PHP Repository

The Motivation On Sunday, March 28th, members of the PHP team identified malicious code commits to...

Learn More

Code Risk is Multi-Dimensional

Call to Action: Transform your AppSec program into an AppRisk program! Today, everything is code! From...

Learn More

Security Alerts: Don’t Developers Have Something Better to Do With Their Time?

In the last two decades, with the rise of mobile, web, and cloud applications with multiple...

Learn More

Visibility in Application and Cloud Security is Ripe for Innovation

Better information leads to better decision-making. That’s not a particularly bold statement. But at the same...

Learn More

Re-Thinking DevSecOps: Moving to a Risk-Based SDLC

How security and compliance are integrated into the development lifecycle needs a fundamental re-examination. Organizations are...

Learn More

Detect and prevent the SolarWinds build-time code injection attack

We have developed a patent-pending technology to detect and prevent SolarWinds-style attacks before shipping binaries to...

Learn More

Top 5 tips to prevent the SolarWinds Solorigate supply chain attack

Vendors in the security industry continue to investigate the supply chain Solorigate attack and its implications...

Learn More

SDLC and DevSecOps – Moving to a Continuous and Simultaneous Model

The world keeps getting faster. People use their phones to do work on the bus. They...

Learn More

Taking security challenges from a board-level discussion to a DevSecOps solution

If you are a CIO or a CISO of a large enterprise, you experience first-hand those...

Learn More

Introducing apiiro – Reinventing Secure Development Lifecycle

After almost two decades in the cybersecurity industry with two acquisitions under our belts, I feel...

Learn More