#securesoftware
Posts tagged #securesoftware on Bluesky
Security backlogs are exploding.

Join us, sponsor Snyk, and a panel of experts on Feb. 4 for this FREE webcast where we cover how to reduce risk with an AI-accelerated remediation strategy, plus a practical demo.

Register now: https://ow.ly/2TzS50Y4Pj4

#AppSec #DevSecOps #Snyk #SecureSoftware #AI

Vibe Coding Against OWASP Top 10 2025 - Security Risks of AI-Driven Development Explore how vibe coding with AI exposes OWASP Top 10 2025 vulnerabilities and why “ship fast, fix later” can lead to serious web security risks.

We tried “vibe coding” a web app with AI, then checked it against OWASP Top 10 2025.
Even a clean-looking MVP quickly picked up real security issues. See the results of the experiment:
softwaremill.com/vibe-coding-...

#OWASP #VibeCoding #AppSec #AIEngineering #SecureSoftware


The EU Cyber Resilience Act (CRA) is about to fundamentally change how software teams build and ship products in the EU.

We break down how teams can prepare without slowing innovation.

Link to the full guide: buff.ly/MIoJLcb

#EUCRA #DevSecOps #OpenSourceSecurity #SecureSoftware #ContainerSecurity

Apple's iOS Obfuscation Dilemma: App Store Rejection & Developer Security Challenges

In this vital episode of "Upwardly Mobile," we dive deep into the complexities of mobile app security within the healthcare sector, particularly concerning the HIPAA Security Rule and the challenges of iOS code obfuscation and App Store review. As telemedicine and mobile access to ePHI (Electronic Protected Health Information) become ubiquitous, understanding and implementing robust security measures is no longer optional—it's imperative.

What You'll Learn in This Episode:
- The Evolving Threat Landscape for Healthcare Apps: Discover how the rapid adoption of mobile healthcare apps by both patients and practitioners has created new, data-rich attack surfaces for hackers. This includes apps used for consultations, prescription refills, appointment scheduling, accessing test results, and even those associated with medical devices.
- Limitations of Traditional Security: We explore why traditional security approaches and even robust TLS (Transport Layer Security) are often insufficient for protecting mobile healthcare apps and their APIs, particularly due to the unique exposure of mobile app code and device environments. Xcode's native build settings like symbol stripping and dead code stripping are primarily for optimization and offer no meaningful protection against determined reverse-engineering efforts.
- Proposed Improvements to the HIPAA Security Rule: Learn about Approov's specific recommendations to strengthen the updated HIPAA Security Rule (initially proposed in June 2024), focusing on mobile apps accessing ePHI. Key proposed changes include mandating:
  - App Attestation: A proven technique to ensure only genuine, unmodified apps can access APIs.
  - Runtime Device Attestation: Continuous scanning and real-time reporting of device environments to block requests from compromised devices.
  - Dynamic Certificate Pinning: Essential for protecting communication channels from Man-in-the-Middle (MitM) attacks, even when traffic is encrypted.
  - API Secret Protection: Explicit guidelines to ensure API keys are never stored in mobile app code and are delivered only as needed to verified apps.
  - Runtime Zero Trust Protection of Identity Exploits: Additional controls like app and device attestation to provide an extra layer of zero-trust security against credential stuffing and identity abuse.
  - Breach Readiness and Service Continuity: Extending incident response plans to cover third-party breaches and explicitly managing API keys and certificates during a breach.
- The Role of https://mas.owasp.org/MASVS/: Understand how the OWASP Mobile Application Security Verification Standard (MASVS) serves as the industry standard for mobile app security, offering guidelines for developers and testers. We specifically highlight MASVS-RESILIENCE for hardening apps against reverse engineering and tampering.
- The iOS Obfuscation Dilemma: Unpack the conflict faced by developers in regulated industries like fintech and healthcare: the critical need to protect proprietary algorithms and sensitive logic through code obfuscation versus the risk of rejection by Apple's App Store. Apple's guidelines are ambiguously enforced, often flagging aggressive obfuscation as an attempt to "trick the review process".
- Third-Party Obfuscation Solutions: Since Xcode provides no built-in true obfuscation features, we discuss the imperative for advanced third-party solutions. Learn about techniques like symbol renaming, string encryption, control flow obfuscation, and dummy code insertion. We also touch upon leading commercial tools like Guardsquare's iXGuard, Zimperium's Mobile Application Protection Suite (MAPS), and Appdome, as well as LLVM-based obfuscators.
- Obfuscation as a Compliance Control: Discover why code obfuscation and Runtime Application Self-Protection (RASP) are fundamental technical safeguards for HIPAA compliance and meeting the requirements of PCI DSS, even if not explicitly named in the regulations.
- Strategic Recommendations for Implementation: Get insights on implementing a risk-based tiered approach to app protection, integrating obfuscation into your CI/CD pipeline, and transparently communicating your security posture to the App Store review team to mitigate rejection risks.

Tune in to gain a comprehensive understanding of securing your mobile health applications in today's complex digital environment!

Relevant Links & Resources:
- Sponsor: Learn more about app and API security solutions from Approov: https://approov.io/
- Approov Blog: Injecting Mobile App Security into The HIPAA Healthcare Security Rule: https://approov.io/blog/injecting-mobile-app-security-into-the-hipaa-healthcare-security-rule
- OWASP Mobile Application Security (MAS) Project: https://owasp.org/www-project-mobile-app-security/
- OWASP Mobile Application Security Verification Standard (MASVS): https://mas.owasp.org/MASVS/03-Using_the_MASVS/

Keywords: Mobile App Security, Healthcare, HIPAA, ePHI, API Security, Code Obfuscation, iOS Security, App Store Review, App Attestation, Runtime Application Self-Protection (RASP), PCI DSS, OWASP MASVS, Man-in-the-Middle (MitM) Attacks, API Keys, Zero Trust, Telemedicine, Virtual Healthcare, Mobile Health, Cybersecurity, Enterprise Security, Data Protection, Compliance, InfoSec, Privacy, Digital Health.

📣 New Podcast! "Apple's iOS Obfuscation Dilemma: App Store Rejection & Developer Security Challenges" on @Spreaker #appdome #approov #appsecurity #codeobfuscation #dataprotection #guardsquare #healthcareit #iosdevelopment #mobilesecurity #owaspmasvs #rasp #securesoftware #zerotrust #zimperium


📢 Public Consultation Open!

We have an open consultation for the public to comment on our #SecureSoftware Lifecycle Knowledge Area!

🗓️ Consultation closes on Friday 18 July 2025
💬 Read the change request and submit your feedback: buff.ly/jP4rRiU

#CyberSecurity #SoftwareDevelopment #CyBOK


AI is redefining #SecureSoftware development. Our CEO & Co-Founder, Pankit Desai, shares insights on how #AI is transforming #DevOps by enhancing speed, security and resilience.
Read the full @devopsdotcom feature 👉 www.sequretek.com/newsroom/art...
#Cybersecurity


🚨 CyBOK has released a change request for the Secure Software Lifecycle Knowledge Area and we are looking for your feedback!

🗓️ Open until 18 July 2025
📩 Have your say in shaping secure software practices: buff.ly/uqo14vS

#CyberSecurity #SecureSoftware #CyBOK

Trump cyber executive order takes aim at prior orders, secure software, identity President Donald Trump signed an executive order Friday that the White House says promotes developing secure software, adopting the latest encryption protocols, securing internet routing and rolling back parts of two executive orders.

Trump’s new cyber executive order reverses key Biden & Obama mandates—scrapping digital‑ID rules, mandating secure software dev, the latest encryption & quantum prep, AI vuln focus, and caps sanctions to foreign actors. #Cybersecurity #SecureSoftware #AIdefense cyberscoop.com/trump-cyber-...

Building software solutions with AssureSoft means security, speed, and scalability. We specialize in everything from mobile apps to enterprise-level systems.

#SecureSoftware #TechSolutions

Secure-by-Design Is Hard, but Our Online Future Depends on It

Yes, indeed ...
-
insight.scmagazineuk.com/secure-by-de... #cybersecurity #SbD #CISA #SecureSoftware

Creating a simple file upload/download application with Vaadin Flow Vaadin Flow is a robust framework for building modern web applications in Java, where all UI logic is implemented on the server side. In this blog post, we’ll make a simple file management ap…

Secure file handling with Vaadin Flow.
Focused on:
🔐 CWE-22 – Path Traversal
📁 CWE-377 – Unsafe temp files
📉 CWE-778 – Weak logging
Use Java, NIO and structured logging to build safe upload/download flows.
#JavaDev #Vaadin #SecureSoftware #WebSecurity
svenruppert.com/2025/05/20/c...


🚨 The CWE Top 25 reveals the most dangerous software weaknesses—are you addressing them? 🚨 Stay ahead of cyber threats by identifying and mitigating vulnerabilities early. Secure your code with CWE-driven analysis!
🔒 Learn more - lnkd.in/emw_U9wW.

#CyberSecurity #CWE #SecureCoding #SecureSoftware


You can either pay Security Debt later… 💸 or get it right from the start. SafeStack helps teams bake in security early. Get started: safestack.io/appsec-progr... #SecureSoftware


🔑 Why RSA-4096 is Crucial for Code Signing 🔑
RSA-4096 key ensures your #software remains authentic, trusted, and tamper-proof with robust #encryption. Protect your software from tampering and unauthorized changes!

#ssl2buy #CyberSecurity #CodeSigning #RSA4096 #RSA #SecureSoftware

bit.ly/41UuCIg

CISA's secure software deployment push: Key takeaways for AppSec teams CISA releases new guidance on secure software deployment. Learn best practices to protect your organization's software supply chain.

To avoid the next CrowdStrike fiasco, CISA recommends embracing safe deployment practices earlier in the SDLC. #CISA #SecureSoftware #SecureDeployment #SupplyChainSecurity
jpmellojr.blogspot.com/2024/11/cisa...

Ganz et al.'s "PAVUDI: Patch-based Vulnerability Discovery using Machine Learning"

The final paper in this session was Ganz et al.'s "PAVUDI: Patch-based Vulnerability Discovery using Machine Learning" which proposes a machine-learning approach for identifying software vulnerabilities. (www.acsac.org/2023/p...) 5/5
#Cybersecurity #SecureSoftware #ML

Looking back at ACSAC 2023

For this #ThrowbackThursday, we will look at #ACSAC2023's #OS and #SoftwareSecurity session. The links in this thread will lead you to the paper pdfs and the slide decks, so be sure to check them out! 1/5
#OperatingSystemSecurity #SecureSoftware

Understanding Secure Software Supply Chain Legislations A... Learn about government-enacted secure software supply cha...

Learn about government-enacted secure software supply chain legislation that is imposing requirements on software vendors, how they can affect you and how to gain & maintain compliance.
#securesoftware https://bit.ly/3XlrlND

SBOMS & Attestations: US Government Deadlines for Impleme... The US government secure supply chain deadline for SBOMs ...

The US government secure supply chain due date for SBOMs and software attestations is June 2023. Find out what this means for you and your development processes.
#securesoftware https://bit.ly/3IShmw3

Workshop: ActiveState Platform Key Features - Artifact Re... Join our monthly workshop and get a 30-min overview of th...

The ActiveState Artifact Repository provides a secure alternative to PyPI.
Join our workshop next week to learn how to build secure #Python artifacts from source code with our Platform's latest feature.
#securesoftware https://bit.ly/3T3LaYl

White House Releases Software Supply Chain Security Guidance The White House published a memo requiring agencies to co...

In case you missed it, the White House recently released a memo aimed at improving supply chain security that builds upon the executive order from May 2021. Get all the details here 📝
#oss #securesoftware https://bit.ly/3SQgxWh

DevOps and SLSA: Best Practices for Software Supply Chain... Learn how to make software supply chain security easier w...

Missed our webinar where we discussed how to make your software supply chain security easier with SLSA and automated dependency vendoring? Check out the recording and download the slides here 👉 http://ow.ly/B9Ui50JWcle
#SLSA #securesoftware

https://bit.ly/3cc5TJf
