Contact Us

Free Code Assessment

Cookies Notice

This site uses cookies to deliver services and to analyze traffic.

Learn more
Ok, Got it

The Apiiro Blog

The latest Risk-Based AppSec & DevSecOps insights

All

Educational

Executive

Technical

Go Beyond OSS Dependencies with your SBOM

The U.S. Executive Order on Improving the Nation’s Cybersecurity requires a Software Bill of Materials (SBOM)...

Learn More

Detecting Secrets in Code is a Feature, Not a Solution

The market for “Secrets in Code” is booming! A single hardcoded password, token, or API key...

Learn More

Security at the Design is Not Just Lip Service: AppSec Starts at the User Story

I was speaking with an experienced Application Security Architect recently when he made a stunning statement:...

Learn More

Legacy SAST Has Grown Stale. It’s Time for a New Approach.

Static Application Security Testing (SAST) tools have been the foundation of application security programs for 2...

Learn More

A Leap Forward in Risk-Based Application Security: The Cloud Native Application Protection Platform (CNAPP)

A gap in current thinking has become so obvious and critical that an entirely new approach...

Learn More

Secure Your SDLC to Avoid Being the Source of a Supply Chain Attack

Software Supply Chain attacks have changed the application security landscape and are one of the most...

Learn More

Top 3 Things We’ve Learned in the 5 Months Since Winning the RSA Innovation Sandbox 2021

When Apiiro won the RSA Conference Innovation Sandbox Contest in May, it was in many ways...

Learn More

Don’t Just Shift Left! Extend Right with Infra as Code

What’s left to say about Shift Left? Making informed decisions earlier in the development process has...

Learn More

Better together: Security Champions and Application Security Engineers

In a previous blog post – Security Alerts: Don’t Developers Have Something Better to Do With...

Learn More

Gartner Continues the Push for Software Supply Chain Security

“By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a...

Learn More

Application Security is Tactical. Application Risk is Strategic

“Security” and “Risk” are often used interchangeably. That is a mistake that has a tangible impact...

Learn More

Application Risk Round Table With Industry Leaders

We recently hosted a round table discussion with top-notch Investors, CISOs, and Risk Management leaders, including:...

Learn More

Risk-Based Change Management for the Entire SDLC

There are many reasons organizations change their applications, infrastructure, and business priorities. Customers demand new features...

Learn More

Shut Down Your Application Security Program

No, I’m not kidding. Shut down your application security program. After speaking with hundreds of organizations...

Learn More

Stop Treating All Applications the Same!

We have a collective prioritization problem. While this is true when analyzing individual applications, it is...

Learn More

Security Alerts: Don’t Developers Have Something Better to Do With Their Time?

In the last two decades, with the rise of mobile, web, and cloud applications with multiple...

Learn More

Visibility in Application and Cloud Security is Ripe for Innovation

Better information leads to better decision-making. That’s not a particularly bold statement. But at the same...

Learn More

Re-Thinking DevSecOps: Moving to a Risk-Based SDLC

How security and compliance are integrated into the development lifecycle needs a fundamental re-examination. Organizations are...

Learn More

Top 5 tips to prevent the SolarWinds Solorigate supply chain attack

Vendors in the security industry continue to investigate the supply chain Solorigate attack and its implications...

Learn More

SDLC and DevSecOps – Moving to a Continuous and Simultaneous Model

The world keeps getting faster. People use their phones to do work on the bus. They...

Learn More

Taking security challenges from a board-level discussion to a DevSecOps solution

If you are a CIO or a CISO of a large enterprise, you experience first-hand those...

Learn More

Introducing Apiiro – Reinventing The Secure Development Lifecycle

After almost two decades in the cybersecurity industry with two acquisitions under our belts, I feel...

Learn More