Latest updates for Application-Security

Fresh curated links around application-security are collected here so marketers can spot useful updates and turn timely ideas into posts faster.

Post angles to try

  • Share the most useful takeaway for your audience.
  • Turn one article into a quick practical checklist.
  • Ask your audience how this shift affects their work.

Fresh articles and ideas

Recent curated links from global sources. Generate one free draft from any story, then use SocialBu to schedule and refine your content calendar.

dzone.com /1 month ago

Enterprise Java Applications: A Practical Guide to Securing Enterprise Applications with a Risk-Driven Architecture

Enterprise Java applications still serve business-critical processes but are becoming vulnerable to changing security threats and regulatory demands. Traditional compliance-based s...

dev.to /3 weeks ago

38% of MCP servers have no auth -- inside the OWASP MCP Top 10

I installed 14 MCP servers last month. Then I read the CVE list. I've been running MCP servers in production since late 2025 -- connecting Claude to my accounting tools, project...

zdnet.com /2 weeks ago

Beyond the cleanup job: Redefining application security for the modern enterprise

Secure-by-design is no longer just a developer concern. Enterprise leaders must treat application security as a board-level responsibility, with accountability, incentives, and cus...

qchron.com /3 days ago

Application Security Training is Broken: 85% of Companies Require It, But Developers Aren’t Asking for It

forrester.com /1 month ago

Agentic Development Security: Why AppSec Needs A New Operating Model

Application security testing (AST) has reached an inflection point. The market is crowded, capabilities overlap, and detection alone is no longer a source of durable differentiatio...

vmblog.com /1 month ago

Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Sc...

Aikido Security launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks

dzone.com /1 week ago

Detecting Bugs and Vulnerabilities in Java With SonarQube

The security audit report landed unexpectedly. It highlighted a critical vulnerability in our payment processing module. We had passed all unit tests. We had passed all integration...

vmblog.com /1 month ago

Quokka Research Finds Widespread Mobile App Security Failures Across Android and iOS

The State of Mobile App Security 2026 finds that foundational security weaknesses are pervasive, creating exploitable pathways for attackers to

vmblog.com /1 week ago

The Mobile API Trust Gap Every Cloud Security Team Should Understand

Enterprise security teams spend enormous effort securing cloud infrastructure, APIs, and backend systems. Yet many still overlook a critical question.

blog.saeloun.com /1 month ago

Rails Security Best Practices: A Comprehensive Guide

Originally appeared on Saeloun Blog. Rails gives us a strong security baseline. It does not make an application secure by itself. That distinction matters. Most real Rails security...

habr.com /1 week ago

Web vs Mobile: Who Is at Risk? Comparing the Security of Two Worlds

Spoiler: both, but in different ways, and that is important to understand. Every time we hear "our security is fine, we're not a bank", something inside tightens. Behind that phrase there usually...

gbhackers.com /1 month ago

Top 10 Best Application Security Testing Companies in 2026

In the rapidly evolving digital landscape of 2026, applications are the backbone of every enterprise. From customer-facing web portals and mobile apps to intricate internal systems...

zdnet.com /2 weeks ago

The patching treadmill: Why traditional application security is no longer enough

Find-and-fix security once made sense, but AI-assisted development, continuous deployment, and exploding vulnerability backlogs are changing the rules. The old application security...

blog.rubygems.org /1 month ago

Scaling Ruby's defenses with AI

Originally appeared on RubyGems Blog. On April 23rd, we submitted a vulnerability report to the Nokogiri maintainers. It was the first one our team has filed using AI-assisted scann...

dzone.com /1 month ago

Secure Access Tokens in Web Applications: A Practical Guide From the Field

I’ve spent years reviewing applications after security incidents, conducting code audits, and helping teams rebuild trust after token misuse exposed sensitive data. If there’s one...

vmblog.com /1 week ago

Agentic AI Is Accelerating How Software Gets Built and How It Gets Attacked. Most Enterprises Are Only Ready for One, Ac...

Digital.ai’s 2026 Application Security Threat Report draws on real-time threat monitoring data from applications serving billions of consumers across financial services,

zdnet.com /2 weeks ago

Stopping bugs before they ship: The shift to preventative security

Secure software starts before coding begins. Threat modeling, safer defaults, dependency hygiene, and developer workflow guardrails can help prevent vulnerabilities.

dev.to /1 month ago

Building MCP servers that don't get hacked: 22 security checks every developer needs

I audited 50 open-source MCP servers last month. 43% had command injection vulnerabilities. Here are the 22 checks that will save you from shipping a backdoor. MCP (Model Context...

infosecwriteups.com /1 month ago

JADX + MCP: I let the AI read the APK so I don’t have to

Hello Hackers, Hope you guys are doing well and hunting lots of bugs and Dollars! Continue reading on InfoSec Write-ups »

hackread.com /3 weeks ago

Application Security Strategies Are Changing as AI-generated Code Floods the SDLC

AI-generated code is changing AppSec workflows, forcing teams to rethink SDLC security, dependency checks, code review, and risk prioritization.

medium.com /1 week ago

Android API Security Testing: Where the Real Bounties Live in 2025

Tags: android-security api-security mobile-pentesting bug-bounty burp-suite idor broken-authentication ethical-hacking cybersecurity… Continue reading on Medium »

gbhackers.com /6 days ago

Top 10 Best Static Application Security Testing (SAST) Tools for Security Teams in 2026

The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought. Whether you are managi...

allaboutcoding.ghinda.com /1 month ago

Two Agent Skills to Help With Prompt Security

Originally appeared on All about code - Ruby and Rails technical content written by Lucian Ghinda. When you build a product that uses LLMs and prompts, security becomes a specific k...

vmblog.com /2 weeks ago

Outpost24 Launches AI-Powered Authentication to Remove Configuration Barriers in DAST

Outpost24 launched AI-powered authentication for Scale, its dynamic application security testing (DAST) solution.


Sources covering Application-Security

Recent coverage from public sources:

  • feeds.dzone.com
  • rubyland.news
  • blogs.vmware.com
  • dev.to
  • gbhackers.com
  • go.forrester.com