Contact Us

Cookies Notice

This site uses cookies to deliver services and to analyze traffic.

Learn more
Ok, Got it

The AppRisk Blog

The latest Risk-Based AppSec & DevSecOps insights

All

Executive

Technical

Legacy SAST Has Grown Stale. It’s Time for a New Approach.

Static Application Security Testing (SAST) tools have been the foundation of application security programs for 2...

Learn More

A Leap Forward in Risk-Based Application Security: The Cloud Native Application Protection Platform (CNAPP)

A gap in current thinking has become so obvious and critical that an entirely new approach...

Learn More

Secure Your SDLC to Avoid Being the Source of a Supply Chain Attack

Software Supply Chain attacks have changed the application security landscape and are one of the most...

Learn More

Top 3 Things We’ve Learned in the 5 Months Since Winning the RSA Innovation Sandbox 2021

When Apiiro won the RSA Conference Innovation Sandbox Contest in May, it was in many ways...

Learn More

Part 1: What We Learned from the Twitch Code Leak about Application Security Programs

On Wednesday, Oct. 7 2021, an anonymous 4chan user claimed to have posted 125 GB of...

Learn More

Don’t Just Shift Left! Extend Right with Infra as Code

What’s left to say about Shift Left? Making informed decisions earlier in the development process has...

Learn More

From Phishing to Developers – The New Attack Vector

“Shift Left and Extend Right” is the primary driver for digital transformation, but it is also...

Learn More

Better together: Security Champions and Application Security Engineers

In a previous blog post – Security Alerts: Don’t Developers Have Something Better to Do With...

Learn More

Gartner Continues the Push for Software Supply Chain Security

“By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a...

Learn More

The Secrets about Secrets in Code

Finding secrets in code sounds simple, doesn’t it? Just look for field names like “password”, “token”,...

Learn More

Application Security is Tactical. Application Risk is Strategic

“Security” and “Risk” are often used interchangeably. That is a mistake that has a tangible impact...

Learn More

Application Risk Round Table With Industry Leaders

I recently hosted a round table discussion with top-notch Investors, CISOs, and Risk Management leaders, including:...

Learn More

Risk-Based Change Management for the Entire SDLC

There are many reasons organizations change their applications, infrastructure, and business priorities. Customers demand new features...

Learn More

Shut Down Your Application Security Program

No, I’m not kidding. Shut down your application security program. After speaking with hundreds of organizations...

Learn More

Stop Treating All Applications the Same!

We have a collective prioritization problem. While this is true when analyzing individual applications, it is...

Learn More

Detection and Prevention of Malicious Commits to the PHP Repository

The Motivation On Sunday, March 28th, members of the PHP team identified malicious code commits to...

Learn More

Code Risk is Multi-Dimensional

Call to Action: Transform your AppSec program into an AppRisk program! Today, everything is code! From...

Learn More

Security Alerts: Don’t Developers Have Something Better to Do With Their Time?

In the last two decades, with the rise of mobile, web, and cloud applications with multiple...

Learn More

Visibility in Application and Cloud Security is Ripe for Innovation

Better information leads to better decision-making. That’s not a particularly bold statement. But at the same...

Learn More

Re-Thinking DevSecOps: Moving to a Risk-Based SDLC

How security and compliance are integrated into the development lifecycle needs a fundamental re-examination. Organizations are...

Learn More

Detect and prevent the SolarWinds build-time code injection attack

We have developed a patent-pending technology to detect and prevent SolarWinds-style attacks before shipping binaries to...

Learn More

Top 5 tips to prevent the SolarWinds Solorigate supply chain attack

Vendors in the security industry continue to investigate the supply chain Solorigate attack and its implications...

Learn More

SDLC and DevSecOps – Moving to a Continuous and Simultaneous Model

The world keeps getting faster. People use their phones to do work on the bus. They...

Learn More

Taking security challenges from a board-level discussion to a DevSecOps solution

If you are a CIO or a CISO of a large enterprise, you experience first-hand those...

Learn More

Introducing Apiiro – Reinventing The Secure Development Lifecycle

After almost two decades in the cybersecurity industry with two acquisitions under our belts, I feel...

Learn More