Application Security

Mastering Application Security: Your Resource for Secure Development, Testing, Code Analysis, and More.

Content Partnership: OWASP Logo SC Media Logo

Data transfer high speed data network binary code, ai automation, cybersecurity background. Data transmission through a fiber optic cable cyber design, parallel track universe. Binary tube tunnel.

MCP servers emerge as new supply chain risk as real attacks accelerate

OWASP GenAI Security Project Team December 5, 2025

Recent MCP breaches show how privileged servers enable data theft, stressing need for strict controls.

Today's Top AppSec Headlines

Interviews from OWASP Global AppSec USA 2025

Risk Assessments/Management
AIVSS: Do we need a new Risk Management Approach in the era of Agentic AI? – Ken Huang – OWSP25 #2
AI/ML
From Transparency to Trust: Shaping AI Security with OWASP AIBOM & AI Exchange – Aruneesh Salhotra – OWSP25 #2
Supply chain
The future of CycloneDX and software transparency – Steve Springett – OWSP25 #2
Training
OWASP 2025 Wrap-Up: Community, AI Security, and the Future of AppSec – Avi Douglen – OWSP25 #2
Training
CyberRisk TV Live from OWASP Global AppSec 2025 – Allan Friedman – OWSP25 #1
Governance, Risk and Compliance
Use OWASP SAMM for CRA compliance – Sebastien Deleersnyder – OWSP25 #1
AI/ML
Beyond the Firewall: Why Traditional Web Security Still Matters in the AI Era – Felipe Zipitria – OWSP25 #1
Leadership
Security Champions: You Already Have Them! How to Tap Their Potential – Dustin Lehr – OWSP25 #1
AI/ML
Secure Coding in the Age of AI – James Manico – OWSP25 #1
Application security
Threat Modeling and The Four Question Framework – Adam Shostack – OWSP25 #1
Application security
GenAI Security From Assessment to Action – Sandy Dunn – OWSP25 #1
Application security
Agentic Security Risks – John Sotiropoulos – OWSP25 #1

Application Security: Explained and Explored

Application Security News

Application security

CISA issues joint guidance on secure use of AI in OT systems

The document outlines four key principles to follow when considering AI use in OT.

Urgent Mobile Notifications Alert Icons for UIUX Design App Development

Application security

India backs off from requiring government-made security app

Experts preferred EU approach of mandating security outcomes on vendors versus a government app.

Hands of two people with mobile phones showing the chrome browser on one and microsoft edge on the other.

Application security

ShadyPanda exploited Chrome, Edge browser extensions for 7 years

Threat actor infiltrated devices via browser extensions, quietly making money for years until they finally were outed.

Identity

Horizons of Identity report highlights challenges, opportunities for modern identity programs

Identity evolves from security control to business enabler, driving automation and agility.

Application security

Accepting Microsoft Teams guest invitations could pose a security risk

Defender for Office 365 protections do not carry over when joining another Teams tenant.

Application security

Synced calendars a potential threat vector for millions of devices

Expired or compromised domains could be used to push out malicious calendar files.

AI/ML

New Agent Workspace feature comes with security warning from Microsoft

Microsoft warns that AI agents may be susceptible to attacks like prompt injection.

Cloud technology generates outputs such as hosted apps, processed data, and storage, ensuring businesses scale efficiently with secure internet delivery.

Cloud Security

Secure cloud deployments simplified with CIS hardened images

CIS Hardened Images® provide a secure cloud foundation, helping organizations reduce risk, speed compliance, and eliminate guesswork in system configuration.

Application security

Third-party hack may have spread to JPMorgan, Citi, and Morgan Stanley

FBI investigating breach into residential loan mortgage company SitusAMC.

A SolarWinds sign sits on top of an office building.

Governance, Risk and Compliance

2020 SolarWinds case dismissed by SEC; industry offers mixed reaction

Charges against CISO Tim Brown dropped, but experts say "material breach" still ill-defined.

Fast Five

Selected by the SC Media Editorial team every Tuesday.

Sign up now for the top five issues cybersecurity pros need to know this week.

Application Security

MCP servers emerge as new supply chain risk as real attacks accelerate

Today's Top AppSec Headlines

Total WhatsApp ban warned by Russia

Malware injected into SmartTube app for Android TV

Illicit npm packages deploy new OtterCookie malware variant

Interviews from OWASP Global AppSec USA 2025

AIVSS: Do we need a new Risk Management Approach in the era of Agentic AI? – Ken Huang – OWSP25 #2

From Transparency to Trust: Shaping AI Security with OWASP AIBOM & AI Exchange – Aruneesh Salhotra – OWSP25 #2

The future of CycloneDX and software transparency – Steve Springett – OWSP25 #2

OWASP 2025 Wrap-Up: Community, AI Security, and the Future of AppSec – Avi Douglen – OWSP25 #2

CyberRisk TV Live from OWASP Global AppSec 2025 – Allan Friedman – OWSP25 #1

Use OWASP SAMM for CRA compliance – Sebastien Deleersnyder – OWSP25 #1

Beyond the Firewall: Why Traditional Web Security Still Matters in the AI Era – Felipe Zipitria – OWSP25 #1

Security Champions: You Already Have Them! How to Tap Their Potential – Dustin Lehr – OWSP25 #1

Secure Coding in the Age of AI – James Manico – OWSP25 #1

Threat Modeling and The Four Question Framework – Adam Shostack – OWSP25 #1

GenAI Security From Assessment to Action – Sandy Dunn – OWSP25 #1

Agentic Security Risks – John Sotiropoulos – OWSP25 #1

Application Security: Explained and Explored

Salesforce security in a shared-responsibility world: Catching misconfigurations and drift before they become breaches

Hidden gaps in WAF protection are creating inconsistent enterprise security

The SolarWinds dismissal: a reprieve, not a pardon

Application Security News

Fast Five

Selected by the SC Media Editorial team every Tuesday.

AppSec Events

Scaling secure software in the age of AI: Turning intelligence into action

The evolution of AppSec for the AI era

Application Security 2.0: AI changes everything

Mobile Apps, Real Risk: Rethinking Security in the Age of Ubiquitous Access

Gen AI Application Security & Risk Virtual Conference presented by the OWASP Gen AI Security Project and CSS