The latest Risk-Based AppSec & DevSecOps insights
Specifications Describe What We Want To Develop: The development of cloud-native applications involves multiple individuals working...
Cloud has transformed the way development teams design, develop, build and deploy applications. Developers are moving...
The U.S. Executive Order on Improving the Nation’s Cybersecurity requires a Software Bill of Materials (SBOM)...
Over the past 24 hours, from the time Cyber Kendra published the initial blog post, there was...
APIs are essential to software development and innovation but they are – by their very nature...
The market for “Secrets in Code” is booming! A single hardcoded password, token, or API key...
Application Security leaders often make a foundational mistake when building their AppSec programs: they think from...
The OWASP Top 10 has been an essential guide for Application Security professionals since 2003 –...
Apiiro’s Security Research team has uncovered a major software supply chain 0-day vulnerability (CVE-2022-24348) in Argo...
I was speaking with an experienced Application Security Architect recently when he made a stunning statement:...
How developer activity analysis is crucial to detecting rogue developers and repository abuse: Fourteen months after...
Static Application Security Testing (SAST) tools have been the foundation of application security programs for 2...
A gap in current thinking has become so obvious and critical that an entirely new approach...
Software Supply Chain attacks have changed the application security landscape and are one of the most...
When Apiiro won the RSA Conference Innovation Sandbox Contest in May, it was in many ways...
On Wednesday, Oct. 7 2021, an anonymous 4chan user claimed to have posted 125 GB of...
What’s left to say about Shift Left? Making informed decisions earlier in the development process has...
“Shift Left and Extend Right” is the primary driver for digital transformation, but it is also...
In a previous blog post – Security Alerts: Don’t Developers Have Something Better to Do With...
“By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a...
Finding exposed secrets in code sounds simple, doesn’t it? Just look for field names like “password”,...
“Security” and “Risk” are often used interchangeably. That is a mistake that has a tangible impact...
We recently hosted a round table discussion with top-notch Investors, CISOs, and Risk Management leaders, including:...
There are many reasons organizations change their applications, infrastructure, and business priorities. Customers demand new features...
No, I’m not kidding. Shut down your application security program. After speaking with hundreds of organizations...
We have a collective prioritization problem. While this is true when analyzing individual applications, it is...
The Motivation: On Sunday, March 28th, members of the PHP team identified malicious code commits to...
Call to Action: Transform your AppSec program into an AppRisk program! Today, everything is code! From...
In the last two decades, with the rise of mobile, web, and cloud applications with multiple...
Better information leads to better decision-making. That’s not a particularly bold statement. But at the same...
How security and compliance are integrated into the development lifecycle needs a fundamental re-examination. Organizations are...
We have developed a patent-pending technology to detect and prevent SolarWinds-style attacks before shipping binaries to...
Vendors in the security industry continue to investigate the supply chain Solorigate attack and its implications...
The world keeps getting faster. People use their phones to do work on the bus. They...
If you are a CIO or a CISO of a large enterprise, you experience first-hand those...
After almost two decades in the cybersecurity industry with two acquisitions under our belts, I feel...