Application Security

Mastering Application Security: Your Resource for Secure Development, Testing, Code Analysis, and More.

Content Partnership: OWASP Logo SC Media Logo

Robots And Humans as AI or Artificial Intelligence facing off as a symbol of future technology and employment or unemployment as automation in society changing the global economy.

AI-driven attacks target governments, cloud agents, supply chains

OWASP GenAI Security Project Team April 23, 2026

OWASP: AI-driven attacks hit government, cloud and supply chains at scale.

Today's Top AppSec Headlines

Interviews from OWASP Global AppSec USA 2025

Training
OWASP 2025 Wrap-Up: Community, AI Security, and the Future of AppSec – Avi Douglen – OWSP25 #2
Supply chain
The future of CycloneDX and software transparency – Steve Springett – OWSP25 #2
AI/ML
From Transparency to Trust: Shaping AI Security with OWASP AIBOM & AI Exchange – Aruneesh Salhotra – OWASP25 #2
Risk Assessments/Management
AIVSS: Do we need a new Risk Management Approach in the era of Agentic AI? – Ken Huang – OWASP25 #2
Application security
Threat Modeling and The Four Question Framework – Adam Shostack – OWSP25 #1
AI/ML
Secure Coding in the Age of AI – James Manico – OWSP25 #1
Leadership
Security Champions: You Already Have Them! How to Tap Their Potential – Dustin Lehr – OWSP25 #1
AI/ML
Beyond the Firewall: Why Traditional Web Security Still Matters in the AI Era – Felipe Zipitria – OWSP25 #1
Governance, Risk and Compliance
Use OWASP SAMM for CRA compliance – Sebastien Deleersnyder – OWSP25 #1
Training
CyberRisk TV Live from OWASP Global AppSec 2025 – Allan Friedman – OWSP25 #1
Application security
GenAI Security From Assessment to Action – Sandy Dunn – OWSP25 #1
Application security
Agentic Security Risks – John Sotiropoulos – OWSP25 #1

Application Security: Explained and Explored

Application Security News

Identity

Most security pros say managing identity has become a major challenge

Steve ZurierMay 6, 2026

Nearly 9 in 10 security leaders struggle with identity sprawl as AI and NHIs expose governance gaps.

Application security

Keeping Up With the OWASP GenAI Project – Scott Clinton – ASW #381

May 5, 2026

Speed is the most common theme among developers and appsec teams working with LLMs and agents, from trying to keep up with patterns for deploying agents to dealing with more code faster to how the latest models impact code quality and security. The OWASP GenAI Project is helping organizations keep up with the speed of those changes and engaging the...

AI/ML

Cisco releases open-source ‘DNA test for AI models’

Laura FrenchMay 1, 2026

The Model Provenance Kit allows organizations to trace model origin and similarity.

Identity

2026 Identity Security: Governing AI agents, NHIs and MCP access

‘Copy Fail’ bug can obtain root privileges in Linux distributions since 2017

Steve ZurierApril 30, 2026

AI-found Linux flaw enables easy root access, heightening risk across cloud and shared systems.

Unlocking Potential Exploring the Power of Large Language Models

AI/ML

LiteLLM exploited within 36 hours of disclosure via SQL injection bug

Steve ZurierApril 29, 2026

Latest case was the second time in five weeks the Python package was exploited.

Identity

Microsoft patches Entra ID bug that let AI agents escalate privileges

Steve ZurierApril 28, 2026

Flaw in Entra ID AI agent role enabled privilege escalation and takeover.

Identity

Horizons of Identity report highlights challenges, opportunities for modern identity programs

Wendy WuOctober 15, 2025

Identity evolves from security control to business enabler, driving automation and agility.

Threat Management

GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX

Laura FrenchApril 28, 2026

A new cluster of 73 extensions impersonating legitimate projects has been tied to the GlassWorm campaign.

Application security

Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 – James Kettle – ASW #380

April 28, 2026

Portswigger's list of web hacking techniques is a long-running celebration of curiosity and research from the web hacking community. James Kettle shares his thoughts on the entries from 2025 and how he expects LLMs and agents to influence what the list will look like for next year. He also shares some insights on using LLMs for his own blackbox res...

Fast Five

Selected by the SC Media Editorial team every Tuesday.

Sign up now for the top five issues cybersecurity pros need to know this week.

Application Security

Application Security

AI-driven attacks target governments, cloud agents, supply chains

Today's Top AppSec Headlines

Internal threats now pose the biggest risk to companies

Telegram mini apps used in large-scale crypto scams and malware distribution

NowSecure launches new tool to reveal hidden AI in third-party mobile apps

Interviews from OWASP Global AppSec USA 2025

Application Security: Explained and Explored

Trusted third-party connections are the new front door for attackers

After the identity fix: MCP’s confused deputy problem

Governance and compliance are still the biggest barriers to AI success

Application Security News

Most security pros say managing identity has become a major challenge

Keeping Up With the OWASP GenAI Project – Scott Clinton – ASW #381

Cisco releases open-source ‘DNA test for AI models’

2026 Identity Security: Governing AI agents, NHIs and MCP access

‘Copy Fail’ bug can obtain root privileges in Linux distributions since 2017

LiteLLM exploited within 36 hours of disclosure via SQL injection bug

Microsoft patches Entra ID bug that let AI agents escalate privileges

Horizons of Identity report highlights challenges, opportunities for modern identity programs

GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX

Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 – James Kettle – ASW #380

Fast Five

Selected by the SC Media Editorial team every Tuesday.

AppSec Events

CISO Stories: AI Security (Blackhat Preview) – Arctic Wolf

Protecting Application User Data for Better Privacy, Governance, and Compliance

Scaling secure software in the age of AI: Turning intelligence into action

Gen AI Application Security & Risk Virtual Conference presented by the OWASP Gen AI Security Project and CSS