Application Security

Mastering Application Security: Your Resource for Secure Development, Testing, Code Analysis, and More.

Content Partnership: OWASP Logo SC Media Logo

Innovative ai showcase global tech summit 2025 digital innovations futuristic environment interactive viewpoint advancements in ai technology

AIBOM generator finds new home at OWASP to boost AI transparency

OWASP GenAI Security Project Team February 10, 2026

AIBOM Generator joins OWASP, advancing community-led AI supply chain transparency and security.

Today's Top AppSec Headlines

Interviews from OWASP Global AppSec USA 2025

Risk Assessments/Management
AIVSS: Do we need a new Risk Management Approach in the era of Agentic AI? – Ken Huang – OWASP25 #2
AI/ML
From Transparency to Trust: Shaping AI Security with OWASP AIBOM & AI Exchange – Aruneesh Salhotra – OWASP25 #2
Supply chain
The future of CycloneDX and software transparency – Steve Springett – OWSP25 #2
Training
OWASP 2025 Wrap-Up: Community, AI Security, and the Future of AppSec – Avi Douglen – OWSP25 #2
Training
CyberRisk TV Live from OWASP Global AppSec 2025 – Allan Friedman – OWSP25 #1
Governance, Risk and Compliance
Use OWASP SAMM for CRA compliance – Sebastien Deleersnyder – OWSP25 #1
AI/ML
Beyond the Firewall: Why Traditional Web Security Still Matters in the AI Era – Felipe Zipitria – OWSP25 #1
Leadership
Security Champions: You Already Have Them! How to Tap Their Potential – Dustin Lehr – OWSP25 #1
AI/ML
Secure Coding in the Age of AI – James Manico – OWSP25 #1
Application security
Threat Modeling and The Four Question Framework – Adam Shostack – OWSP25 #1
Application security
GenAI Security From Assessment to Action – Sandy Dunn – OWSP25 #1
Application security
Agentic Security Risks – John Sotiropoulos – OWSP25 #1

Application Security: Explained and Explored

Application Security News

Application security

RSAC 2026 executive interview: Apiiro’s Idan Plotnik – Idan Plotnik – RSAC26 #3

March 25, 2026

AI coding assistants are dramatically accelerating software development, generating more code and more change than security teams were built to handle. In this interview, Idan Plotnik discusses how AI-driven development is reshaping the application risk landscape and why traditional vulnerability management models can’t keep up. Segment Resources:...

From left to right: Ed Skoudis, Joshua Wright, Robert M. Lee, Heather Barnhart and Rob T. Lee.

RSAC

RSAC 2026: 5 ways AI is our worst enemy, and 3 ways to make it SOC’s best friend

Laura FrenchMarch 25, 2026

Keynotes from Splunk and the SANS Institute reinforce the double-edged nature of AI.

Application security

Why Proactive Security Is Far Better Than Patching – Erik Nost – ASW #375

March 24, 2026

So much of appsec’s efforts can be consumed by vuln management and a race to patch security flaws. But that’s more a symptom of the ease of scanning and the volume of CVEs. Erik Nost walks through the principles behind proactive security, why the concept sounds familiar to secure by design, and why organizations still struggle with creating effecti...

Identity

2026 Identity Security: Governing AI agents, NHIs and MCP access

Apple rolls out ‘Background Security Improvements’ for WebKit browser engine bug

Steve ZurierMarch 18, 2026

Apple shifts to more continuous security patches versus waiting for the next big OS release.

AI/ML

AI coding assistants twice as likely to leak secrets, as overall leaks rise 34%

Laura FrenchMarch 18, 2026

A total of 28.65 million hardcoded secrets were found in public GitHub commits in 2025.

Application security

Creating Better Security Guidance and Code with LLMs – Mark Curphey – ASW #374

March 17, 2026

What happens when secure coding guidance goes stale? What happens LLMs write code from scratch? Mark Curphy walks us through his experience updating documentation for writing secure code in Go and recreating one of his own startups. One of the themes of this conversation is how important documentation is, whether it's intended for humans or for pr...

Identity

Horizons of Identity report highlights challenges, opportunities for modern identity programs

Wendy WuOctober 15, 2025

Identity evolves from security control to business enabler, driving automation and agility.

AI/ML

AI phishing, malicious SVGs continues after surge over holidays

Laura FrenchMarch 13, 2026

HoxHunt reports AI-generated phishing increased from 4% to 56% of phishing attempts in December.

Salesforce office building in Singapore City. Salesforce Inc is an American Fortune 500 listed, cloud-based software company.

Cloud Security

Salesforce confirms ShinyHunters exploited Experience Cloud sites

Steve ZurierMarch 10, 2026

The ShinyHunters cybercrime group has systematically targeted Salesforce instances since mid-2025.

Fast Five

Selected by the SC Media Editorial team every Tuesday.

Sign up now for the top five issues cybersecurity pros need to know this week.

Application Security

AIBOM generator finds new home at OWASP to boost AI transparency

Today's Top AppSec Headlines

AI coding tools must not propagate vulnerabilities, says NCSC head

TeamPCP supply chain attack hits LiteLLM PyPI package

Widespread cloud environment compromise facilitated by Trivy supply chain hack

Interviews from OWASP Global AppSec USA 2025

AIVSS: Do we need a new Risk Management Approach in the era of Agentic AI? – Ken Huang – OWASP25 #2

From Transparency to Trust: Shaping AI Security with OWASP AIBOM & AI Exchange – Aruneesh Salhotra – OWASP25 #2

The future of CycloneDX and software transparency – Steve Springett – OWSP25 #2

OWASP 2025 Wrap-Up: Community, AI Security, and the Future of AppSec – Avi Douglen – OWSP25 #2

CyberRisk TV Live from OWASP Global AppSec 2025 – Allan Friedman – OWSP25 #1

Use OWASP SAMM for CRA compliance – Sebastien Deleersnyder – OWSP25 #1

Beyond the Firewall: Why Traditional Web Security Still Matters in the AI Era – Felipe Zipitria – OWSP25 #1

Security Champions: You Already Have Them! How to Tap Their Potential – Dustin Lehr – OWSP25 #1

Secure Coding in the Age of AI – James Manico – OWSP25 #1

Threat Modeling and The Four Question Framework – Adam Shostack – OWSP25 #1

GenAI Security From Assessment to Action – Sandy Dunn – OWSP25 #1

Agentic Security Risks – John Sotiropoulos – OWSP25 #1

Application Security: Explained and Explored

RSAC 2026: Can humans secure the ever-expanding universe of non-human identities?

How is AI transforming financial crime compliance now?

AI is now the decisive factor in cyber conflict

Application Security News

RSAC 2026 executive interview: Apiiro’s Idan Plotnik – Idan Plotnik – RSAC26 #3

RSAC 2026: 5 ways AI is our worst enemy, and 3 ways to make it SOC’s best friend

Why Proactive Security Is Far Better Than Patching – Erik Nost – ASW #375

2026 Identity Security: Governing AI agents, NHIs and MCP access

Apple rolls out ‘Background Security Improvements’ for WebKit browser engine bug

AI coding assistants twice as likely to leak secrets, as overall leaks rise 34%

Creating Better Security Guidance and Code with LLMs – Mark Curphey – ASW #374

Horizons of Identity report highlights challenges, opportunities for modern identity programs

AI phishing, malicious SVGs continues after surge over holidays

Salesforce confirms ShinyHunters exploited Experience Cloud sites

Fast Five

Selected by the SC Media Editorial team every Tuesday.

AppSec Events

Protecting Application User Data for Better Privacy, Governance, and Compliance

Scaling secure software in the age of AI: Turning intelligence into action

Gen AI Application Security & Risk Virtual Conference presented by the OWASP Gen AI Security Project and CSS