Independent intelligence for application security and software supply chain.

Daily reporting on supply chain attacks, security vendor moves, and standards changes that matter to engineers and compliance teams.

Featured coverage

Term of the Day

Remote Code Execution

Remote Code Execution is a type of cyberattack in which an attacker runs malicious commands or code on someone else's computer or network without needing physical access to the device. This typically happens when an application or system has a security flaw that allows an outsider to send and execute instructions remotely. RCE is considered one of the most severe categories of security vulnerability because it can give an attacker significant control over the targeted system.

Vendor Directory Spotlight

Browse all 151 vendors

Akeyless Security

Secure your secrets, simplify your workflows

Akeyless offers a modern secrets management platform designed for teams using DevOps, hybrid cloud, and AI workloads. It centralizes and secures static, dynamic, and short-lived secrets, API tokens, and certificates across CI/CD pipelines, eliminating the need for vault management. The solution utilizes Distributed Fragments Cryptography (DFC) to ensure encryption keys are mathematically split across regions and providers, providing users with full control. Akeyless supports automated rotation and just-in-time access, integrating seamlessly with IDEs and cloud environments. This approach enhances security, compliance, and operational efficiency, helping teams mitigate risks associated with secrets sprawl.

Legit Security

Automate AppSec, Secure Your Code Today

Legit Security is an AI-native Application Security Posture Management (ASPM) platform designed to automate discovery, prioritization, and remediation of AppSec issues in software development. It enables security teams to manage risks associated with AI-generated code and critical vulnerabilities effectively. By providing a real-time view of software assets, their security controls, and vulnerabilities, Legit helps teams connect their existing tooling and strengthen their security posture. The platform aims to reduce development costs and accelerate the software delivery process while ensuring comprehensive security oversight.

StackHawk

Secure Your APIs, Accelerate Development Cycles

StackHawk, Inc. offers a comprehensive code-to-runtime AppSec platform designed to modernize API security testing. It enables developers to find security bugs earlier in the development process, ensuring schedules are not disrupted. The platform features automated workflows that integrate seamlessly with existing developer tools. Users can triage, identify, and investigate high-priority issues, trusting developers to mitigate risks prior to production. StackHawk also provides audit logs to verify the actions taken during the remediation process, promoting a secure development lifecycle.

Browse all 7 resources
Cover of OWASP API Security Top 10

OWASP API Security Top 10 - Free Practical Guide | Application Security Standards

Download the free 17-page guide to the OWASP API Security Top 10. Learn each API risk, how attackers exploit it, and the controls that stop them.