Meet Qwiet AI at Black Hat 2025! Schedule an executive meeting or join our Topgolf event on August 6.
Key Takeaways Claiming that AI alone is not sufficient proof is one thing; real value comes from demonstrating how AI actually functions, not merely stating that it exists. AI-washing erodes trust. Vague claims or superficial integrations damage credibility across the AppSec space. Agentic, transparent systems win. Teams should look for tools that integrate AI deeply, […]
READ MORE
25 vulnerabilities to look out for in Node JS applications: Directory traversal, prototype pollution, XSSI, and more… Securing applications is not the easiest thing to do. An application has many components: server-side logic, client-side logic, data storage, data transportation, API, and more. With all these components to secure, building a secure application can seem really […]
The future of application security is in the cloud. Software development and application deployment continue to move from on-premise to various types of cloud environments. While the basics of application security (AppSec) carry over from on-premise, the cloud introduces new areas of complexity and a new set of requirements. AppSec best practices for the cloud […]
By now you’ve probably already heard of the name “Log4j”. What happened Late November this year, a Chinese researcher named Chen Zhaojun privately disclosed to Log4j maintainers that version 2 of Log4j contains a critical vulnerability that allows unauthenticated remote code execution (RCE) in applications that utilize the library. On December 9th, the vulnerability was […]
It shouldn’t be surprising that application security has become more important over the last few years. As part of the move to the cloud, applications have become the foundation of business operations. Today, more companies use more applications to do more things than ever before. SaaS applications transmit, store, and process large amounts of sensitive […]
For companies writing and maintaining software at scale today, SAST (Static Application Security Testing) tools have become essential for increasing code security and reducing cyber risk. First-party code remains a frequent target for attacks on all types of organizations, with attackers probing applications constantly to look for weaknesses and vulnerabilities, known and unknown. A wide […]
Apache log4j2 is one of the most widely utilized logging library in the Java ecosystem. Many applications depend on log4j that include and are not limited to VMware, Apple, Twitter, Minecraft to plethora of open-source projects like Apache Solr, Apache Druid, and many more. On November 30, 2021, the Apache log4j2 team became aware of […]
On 9 December 2021, Apache disclosed that the Log4j 2 utility contains a critical vulnerability that allows unauthenticated remote code execution (RCE), a serious issue that impacts a large number of applications. This post is coauthored by Chetan Conikee, Fabian Yamaguchi, and Katie Horne. What is affected? Log4j is a popular open source logging package […]
Java was originally designed with security in mind, which makes its present-day reputation for being insecure unfortunate. Yet it is probably inevitable that the flaws of a twenty-five-year-old language would be discovered and exploited. Especially with a language like Java which still ranks among the top three most popular programming languages today. Java is not […]
More often than not, when people hear the word “compliance” they assume it will be a roadblock to speed. For DevOps teams, reduced speed and productivity undermine their goals. At the same time, experiencing more data breaches leads to new compliance mandates as legislative bodies and industry standards organizations try to set minimum security baselines. […]
