Popular Topics

Topics

About

Policies

Our Network

More

Application Security

Application Security | News, how-tos, features, reviews, and videos

Latest from today

feature
Image

19 large language models redefining AI safety—and danger

Whether you are looking for an LLM with more safety guardrails or one completely without them, someone has probably built it.

By Peter Wayner
12 mins
Application SecurityDevelopment ToolsGenerative AI
news
Image

Angular releases patches for SSR security issues

By Paul Krill
3 mins
JavaScriptTypeScriptWeb Development
opinion
Image

Three web security blind spots in mobile DevSecOps pipelines

By Ryan Lloyd
9 mins
DevSecOpsMobile DevelopmentWeb Development
opinion

What happens when you add AI to SAST

By Jenn Gile
9 mins
App TestingApplication SecurityDevSecOps
opinion

How to reduce the risks of AI-generated code

By Crystal Morin
7 mins
Application SecurityDevSecOpsGenerative AI
feature

Beyond NPM: What you need to know about JSR

By Matthew Tyson
8 mins
JavaScriptNode.jsTypeScript
news

Descope introduces Agentic Identity Hub 2.0 for managing AI agents

By Paul Krill
2 mins
Application SecurityGenerative AIIdentity and Access Management
news

AI-assisted coding creates more problems – report

By Paul Krill
4 mins
App TestingApplication SecurityDevelopment Tools
feature

InfoWorld’s 2025 Technology of the Year Award winners

By InfoWorld Awards Team
48 mins
APIsApplication SecurityDevSecOps

Articles

news

Apache Tika hit by critical vulnerability thought to be patched months ago

The scope of an old PDF parsing flaw has been widened to include more Tika modules.

By John E. Dunn
Dec 8, 2025 3 mins
Application SecurityDevelopment ToolsVulnerabilities
opinion

A proactive defense against npm supply chain attacks

Supply chain risk is unavoidable, but not unmanageable. Proactively prevent supply chain attacks by embedding YARA into developer workflows.

By Mike Wiacek
Dec 4, 2025 5 mins
Application SecurityDevSecOpsJavaScript
news

Spam flooding npm registry with token stealers still isn’t under control

Goal is to steal Tea tokens by inflating package downloads, possibly for profit when the system can be monetized.

By Howard Solomon
Nov 14, 2025 7 mins
Application SecurityOpen SourceSecurity
analysis

10 top devops practices no one is talking about

There’s more to devops success than flashy technology and the latest agile techniques. Here are 10 critical but often overlooked devops practices experts recommend.

By Isaac Sacolick
Nov 4, 2025 10 mins
Application SecurityDevSecOpsDevops
analysis

The JavaScript code won’t write itself

This month’s theme is: Keep an eye on the future but hone your coding craft in the now. Start here, with nine timeless JavaScript coding concepts, a look at Nitro.js—fast becoming the go-to server option for JavaScript and Node—and more.

By Matthew Tyson
Oct 3, 2025 3 mins
Application SecurityJavaScriptWeb Development
news

Chainguard offers malware-resistant JavaScript libraries

Responding to recent NPM malware attacks, Chainguard Libraries for JavaScript seeks to address security vulnerabilities in the JavaScript ecosystem.

By Paul Krill
Oct 2, 2025 2 mins
Application SecurityJavaScriptWeb Development
analysis

Vibe coding and the future of software development

Tech leaders weigh in on vibe coding: What it is, what it’s not, and how to use it safely in production software.

By Isaac Sacolick
Sep 23, 2025 11 mins
DevSecOpsDevelopment ToolsGenerative AI
news

Wave of npm supply chain attacks exposes thousands of enterprise developer credentials

Attacks on the NX build system and React packages highlight escalating threats to enterprise software development pipelines.

By Gyana Swain
Aug 28, 2025 5 mins
Application SecurityJavaScript
feature

8 vendors bringing AI to devsecops and application security

From autonomous vulnerability remediation to real-time scrutiny of AI-generated code, AI is impacting security at every stage of the software development process.

By Victor Garza
Aug 28, 2025 14 mins
Application SecurityData and Information SecurityDevSecOps
news

Critical Docker Desktop flaw allows container escape

Missing authentication on the Docker Engine management API for Docker Desktop on Windows and Mac allows attackers to break out from containers and potentially execute malicious code on the underlying host system.

By Lucian Constantin
Aug 26, 2025 4 mins
DevSecOpsKubernetes and ContainersSecurity
feature

A wake-up call for identity security in devops

The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service accounts, and third-party OAuth apps. Here’s how to address it.

By Taylor Parsons
Aug 26, 2025 7 mins
Access ControlApplication SecurityData and Information Security
feature

The advantages of stack-based internal developer platforms

A stack-based approach to IDPs emphasizes reusability, autonomy, and visibility, creating a standardized but flexible system where teams can define and deploy their own devops stack.

By Olivier de Turckheim
Aug 11, 2025 6 mins
DevSecOpsDevelopment ToolsDevops
View all