Search results for Application Security

The Mobile API Trust Gap Every Cloud Security Team Should Understand

Enterprise security teams spend enormous effort securing cloud infrastructure, APIs, and backend systems. Yet many still overlook a critical question.

Beyond the cleanup job: Redefining application security for the modern enterprise

Secure-by-design is no longer just a developer concern. Enterprise leaders must treat application security as a board-level responsibility, with accountability, incentives, and cus...

Quokka Research Finds Widespread Mobile App Security Failures Across Android and iOS

The State of Mobile App Security 2026, finds that foundational security weaknesses are pervasive, creating exploitable pathways for attackers to

Enterprise Java Applications: A Practical Guide to Securing Enterprise Applications with a Risk-Driven Architecture

Enterprise Java applications still serve business-critical processes but are becoming vulnerable to changing security threats and regulatory demands. Traditional compliance-based s...

Secure Access Tokens in Web Applications: A Practical Guide From the Field

I’ve spent years reviewing applications after security incidents, conducting code audits, and helping teams rebuild trust after token misuse exposed sensitive data. If there’s one...

Веб vs Мобилка: кто в опасности? Сравниваем безопасность двух миров

Спойлер: оба, но по-разному - и это важно понимать.Каждый раз, когда слышим «у нас все нормально с безопасностью, мы же не банк», что-то внутри сжимается. За этой фразой обычно сто...

Secure Web Applications on Microsoft Azure: App Service Basics

In today’s digital world, password security poses significant risks. Recent statistics reveal alarming trends: weak passwords contribute to 30% of global data breaches, and 81% of...

Designing a Secure API From Day One

Most APIs get secured after something breaks. A token leaks, an endpoint misbehaves, a pen test surfaces, an authorization gap. Suddenly, the team is patching a live system under p...

Rails Security Best Practices: A Comprehensive Guide

Originally appeared on Saeloun Blog.Rails gives us a strong security baseline. It does not make an application secure by itself. That distinction matters. Most real Rails security...

Agentic Development Security: Why AppSec Needs A New Operating Model

Application security testing (AST) has reached an inflection point. The market is crowded, capabilities overlap, and detection alone is no longer a source of durable differentiatio...

You Don't Get to Retrofit Trust: Why API Security Must Be Designed In, Not Bolted On

There is a specific kind of silence that falls in a war room after a breach. I've been in two of them. Not as the person responsible, but as the journalist who got the call. The fi...

Quokka Research Finds Widespread Mobile App Security Failures Across Android and iOS

Analysis of 150,000 apps reveals persistent vulnerabilities exposing enterprises to data theft, account compromise, and infrastructure risk

38% of MCP servers have no auth -- inside the OWASP MCP Top 10

I installed 14 MCP servers last month. Then I read the CVE list. I've been running MCP servers in production since late 2025 -- connecting Claude to my accounting tools, project...

Your mobile Unity game is probably vulnerable.

When you build a mobile game, your mind is usually full of gameplay, art, ads, performance, in-app purchases, and release deadlines…Continue reading on Medium »

Building Cyber-Resilient Banking Applications Through Security Testing

Security testing is no longer a final release checkpoint for banks. This blog explains how financial institutions can reduce cyber risk, secure APIs and mobile channels, strengthen...

Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Sc...

Aikido Security launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks

Why iPhone Security Fails Without Structured Device Governance

A single employee syncing corporate data to a personal cloud can bypass even the best hardware defenses. True protection requires shifting from individual settings to structured iP...

Application Security Training is Broken: 85% of Companies Require It, But Developers Aren’t Asking for It

Beyond the Vibe: Why “Secure by Default” is the Only Way to Build in 2026

Beyond the Vibe: Why "Secure by Default" is the Only Way to Build in 2026 We’ve all been there. You’re trying to complete a simple task—in my case, registering...

Android Application Penetration Testing: A Complete Phase-Wise Methodology with Tools &…

Android applications are no longer just front-end interfaces. They contain business logic, authentication flows, API communication, local…Continue reading on Medium В»

Detecting Bugs and Vulnerabilities in Java With SonarQube

The security audit report landed unexpectedly. It highlighted a critical vulnerability in our payment processing module. We had passed all unit tests. We had passed all integration...

Two Agent Skills to Help With Prompt Security

Originally appeared on All about code - Ruby and Rails technical content written by Lucian Ghinda.When you build a product that uses LLMs and prompts, security becomes a specific k...

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into productio...

Building MCP servers that don't get hacked: 22 security checks every developer needs

I audited 50 open-source MCP servers last month. 43% had command injection vulnerabilities. Here are the 22 checks that will save you from shipping a backdoor. MCP (Model Context...