Apiiro achieves true source code-to-runtime matching ↔️
Our advanced Code-to-Runtime Matching Technology powered by Deep Code Analysis (DCA) addresses one of the most significant challenges in modern software development and security: bridging the gap between source code and application runtime.
For application security teams, connecting vulnerabilities identified in runtime back to their source in the code has long been a complex and time-consuming challenge. Apiiro’s new Code-to-Runtime capability directly addresses this difficulty, enabling AppSec practitioners to prioritize risks more effectively and ensure remediation reaches the right developers – without the need for manual setup or complex […]
Apiiro has secured the largest ASPM deal in the market, a $5 million partnership that underscores the rising importance of risk-based application security. Discover more.
Apiiro and Bugcrowd team up to streamline risk remediation and boost AppSec security with unified visibility and automation. Discover more.
Apiiro, the leader in application security posture management (ASPM), has forged an exciting partnership with Aerowave, a premier cybersecurity services consultancy based in Singapore. The collaboration marks a significant milestone in bringing cutting-edge ASPM solutions to the Asia Pacific (APAC) market, addressing the growing demand for comprehensive application security tools in the region. As enterprises […]
Managing identities across diverse systems is a daunting challenge, even for experienced application security experts. Practitioners need a reliable method to track and secure all user activities within their applications, especially when multiple systems are in play. Apiiro addresses this challenge with its powerful identity matching algorithm, which integrates data from various sources to provide […]
A Better Way to “Shift Left” Application Security Traditional approaches to security in software development typically address security risks only after development has started, or even post-deployment, leading to costly fixes and potential security breaches. The modern DevSecOps approach aims to integrate security early in the software development lifecycle (SDLC). However, even this “shift left” […]
At Apiiro, we’re always pushing the boundaries of what’s possible in application security. Today, we’re thrilled to announce our latest innovation: Risk Detection at Design Phase. This groundbreaking, first-of-its-kind feature shifts risk detection left in the software development lifecycle, and enables application security (AppSec) practitioners to mitigate security and compliance concerns before a single line […]
In an era where cybersecurity threats are constantly evolving, it’s crucial for companies to take proactive steps in securing their software. That’s why we’re proud to announce that Apiiro is among the first 25 companies, and the first ASPM company, to sign America’s Cyber Defense Agency’s Secure by Design Pledge. This commitment underscores our dedication […]
Hey there, AppSec experts! The Apiiro team is buzzing with excitement as we gear up for Black Hat USA 2024. August 7-8, Las Vegas will transform into a cybersecurity wonderland, and we’re here to make sure you don’t miss a beat. Here’s what you need to know: Business Hall | Apiiro Booth 2622 | August […]
Black Hat USA 2024 was a stellar event. In addition to Apiiro’s Booth on the trade show floor, our CEO, Idan Plotnik, spoke during one of the sponsor sessions on all things Application Security, Risk, Compliance and Security Management. Watch the session here: Here’s what Idan dove into: Understanding, prioritizing and remediating risks in modern […]
We are thrilled to formally announce SHINE, Apiiro’s new integration program! SHINE (which stands for the program’s guiding principles: seamless, holistic, interconnected, vendor-neutral, and enriched) is a direct reflection of our core ethos of connecting the tools our customers trust to securely develop and deliver their applications. Read more about the program principles here → […]
Apiiro’s new interactive prioritization funnel uses risk likelihood and impact factors garnered from Deep Code Analysis (DCA), runtime context, and third-party databases to help you cut through the noise and narrow in on real, business-critical risks.
Get our take on the Omdia ASPM Market Landscape—distilled into 4 key ASPM questions answered.
Our newest integration brings together the best of Apiiro’s ASPM with Secure Code Warrior’s industry-leading developer security training.
Learn how to measure, track, and optimize your AppSec program using the new Apiiro Reports.
Our new integration with ServiceNow Vulnerability Response brings the power of Apiiro’s multidimensional application risk response to streamline management and response.
Dig into the new and updated PCI 4.0 requirements and learn how a deep ASPM can help with achieving compliance.
A new malicious code campaign impacting 100k GitHub repositories is evading detection and benefiting from unsuspecting developers actually helping the malware spread.
Dive into Apiiro's breakthrough LLM-based free-text code search engine that identifies malicious code patterns without depending on large datasets.
Our newest technical alliance combines the power of Apiiro’s ASPM with deep code analysis and Akamai’s runtime API security and threat protection for unified and contextual code-to-runtime API security.
Explore these five hard-to-find application and supply chain risks with ease using Apiiro’s Risk Graph Explorer.
Apiiro’s new Wiz integration brings the power of Wiz’s CNAPP to Apiiro’s deep ASPM to unify application and cloud security.
Apiiro’s ASPM platform now automatically detects GenAI frameworks, so organizations have full visibility into privacy, data, and legal risk introduced by these frameworks.
Apiiro adds integrated software supply chain security to its ASPM platform, extending it with native CI/CD pipeline and source control manager visibility, detection and assessment, and governance.
Learn the pros and cons of different approaches to application security posture management (ASPM) and what a “deep ASPM” solution entails.
Apiiro’s security research team has developed a revolutionary approach for accurately connecting code segments—such as open-source packages or commits—by similarity.
Idan Plotnik, Apiiro Co-Founder and CEO shares open letter on how Apiiro is supporting its people, customers, and partners during wartime challenges.
The new SEC rule for cybersecurity presents new challenges for AppSec teams. Here's how Apiiro can help companies identify, respond, and communicate material code changes to ensure SEC compliance.
A critical security flaw, CVE-2023-4863, has been identified in libwebp. Identify and prioritize instances of the new WebP 0-day that are most risky to your business with Apiiro—without runtime agents.
Teams need a holistic way to prioritize risk based on their application architecture, the nature of their business, and overall risk tolerance. These dimensions of risk prioritization ensure you can remediate risk at the speed of development without sacrificing quality or security.
Managing secrets at the scale of modern development is also more complex than ever. Apiiro goes beyond secrets detection with new secrets security features including grouping and surfacing valid, invalid, or revoked insights.
With just traditional tooling and manual processes, it’s nearly impossible for security teams to accurately map their application attack surfaces. Here are six essentials to effectively map and reduce application attack surfaces at scale.
Read our blog on detecting material code changes automatically and at scale to reduce application risk and satisfy compliance and regulatory requirements.
New overall and solution-specific dashboard tiles provide visual insights into important application security KPIs such as MTTR, risks over time, development velocity, material changes, and more.
Our approach to identifying malicious open-source packages combines LLMs with proprietary pattern detection and self-enhancement to improve accuracy at scale.
Introducing XBOM, our up-leveled approach to SBOM that provides unified visibility across all application and supply chain components, their connections, risks, and more.
In response to overwhelming malicious activity, PyPI temporarily suspended the creation of all new users and projects.
Over the past few decades, application security has seen dozens of market categories, hundreds of new approaches, and thousands of solutions. From legacy point solutions like SAST, DAST, and SCA to new approaches like DevSecOps and software supply chain security. As per Gartner, “Application security tools invariably produce reams of data about potential vulnerabilities. Traditional, […]
Modern applications are more complex, interconnected, and ephemeral than ever. They’re made up of countless code modules, dependencies, APIs, data models, and technologies developed across numerous languages, frameworks, and contributors, maintained, built, and deployed across multiple repositories, SCMs, CI/CD pipelines, and cloud environments. And they’re all constantly changing. At Apiiro, we always believed that effective […]
Applications are becoming more distributed, interconnected, and dependent on third-party components than ever.
Microsoft Defender founder, Moti Gindi, joins as Apiiro’s chief product officer to push Apiiro into the next hypergrowth phase.
The Apiiro AI engine discovered a malicious Python package that is currently present on the Python PyPI package management portal.
Find out how you can identify and fix material changes with Apiiro so your developers can focus on bringing more value to customers!
The latest incident involves Dropbox and relates to exposed secrets from 130 private repositories belonging to the company.
The latest release of OpenSSL contains a patch for recent vulnerabilities, announced just a week ago on October 25th.
A few days ago OpenSSL, the widely-used cryptography/TLS project released a very rare announcement that notified the public of an upcoming release of the project code that will fix a critical 0-day vulnerability. The release (OpenSSL version 3.0.7) is being released today and it is intended as a security fix for a critical vulnerability in […]
A recent leak of almost 300,000 of Toyota's customer emails and control numbers showcases the risks of exposed secrets in code.
Find our strategies to build cybersecurity around the NIST guidelines that form new regulations announced by the White House.
Static application security testing (SAST) analyzes app source code, byte code, and binaries for security vulnerabilities.
Software bill of materials is a document that provides tracking for all of the key elements in the software development supply chain.
To effectively monitor security of APIs, you need to take the necessary steps and know what to look for in API code.
Find out how to detect cloud-native application architecture drift and deal with it early in the SDLC.
Cloud has transformed the way development teams design, develop, build and deploy applications. Developers are moving fast and the number of changes and releases is increasing exponentially, as are the risks. In the era of cloud-native application development, the remediation lifecycle is getting longer and more complex because risks are distributed across design, code, open […]
A comprehensive Software Bill of Materials (SBOM) provides full visibility to what makes up software including its cloud components.
What is Spring-Core remote code execution (RCE) vulnerability (“Spring4Shell”)? Here is what you should know.
Learn how to shift left security and proactively fix API code risks early in the software development lifecycle.
Detecting and remediating secrets is only one piece of the AppSec puzzle. Issues must be understood with context alongside other security risks.
DevSecOps enables effective collaboration between Development, Security, and Operations throughout the software development lifecycle.
Attackers are always looking for the path of least resistance. Be sure to address simple known risks to close those gaps.
With the rise of cloud-native applications, we need to change our approach to application security - not to the Top 10 itself, but how we understand and remediate Top 10 vulnerabilities.
Apiiro's Security Research team has discovered a major vulnerability in Argo CD platform (CVE-2022-24348).
AppSec starts at the user story. Since the speed of development has grown rapidly over the past few years, “security during design” is critical.
A rogue developer intentionally corrupted npm libraries, showing the need for developer activity analysis in supply chain security.
Static application security testing has been vital to AppSec programs for decades, but SAST lacks the context to keep up with DevOps.
The Cloud Native Application Protection Platform (CNAPP) is a new market definition of an integrated approach to secure cloud-native apps.
Software supply chain attacks have changed AppSec. SolarWinds, Codecov, and more show a need for defense from design to code to cloud.
Apiiro won the RSA Conference Innovation Sandbox Contest in May 2021 and we’ve been learning the following lessons since then.
On Wednesday, Oct. 7 2021, an anonymous 4chan user claimed to have posted 125 GB of data from 6,000 internal Git repositories. Twitch confirmed the massive data leak, including source code and creator earnings, and stated that the breach was due to a “server configuration change”. While there will be many negative repercussions of this […]
Businesses can do more than shift left. “Extending right” by incorporating IaC processes increases agility and improves security.
Developers are getting more responsibility and as a result, attackers can use developer identities to gain system access.
Application security engineers and security champions must work together to achieve AppSec goals and a secure software development lifecycle.
Gartner reports there are escalating threats to software supply chains. Discover the Apiiro platform’s supply chain security capabilities.
Understanding and remediating the risk of secrets in code cannot be done in isolation. Learn how to do both.
Put simply: your board doesn’t care about application security. It cares about application risk, which includes both security and compliance.
We need to take a new, risk-based approach to change management for the SDLC - and it needs to span from design to code to cloud.
Is your application security program aligned with your business goals and tolerance for risk? Here's how to find out.
We have a collective prioritization problem. While this is true when analyzing individual applications, it is also true across applications. Organizations aren’t good at nuance. They tend to “think” in terms of rigid processes and ignore risk and potential business impact. Unfortunately, this approach has a real-world impact on application risk. Consider a list of […]
This blog demonstrates some of Apiiro’s anomaly detection capabilities that are used by our clients to protect and secure their repositories.
A multi-dimensional approach to code risk analysis can optimize processes by focusing SDLC tools on the “changes that matter most.”
Dealing with security alerts is a daunting task for developers and security architects as it requires much time and resources to review and triage them.
Better information leads to better decision-making. That’s not a particularly bold statement. But at the same time, we have a tendency to look for data in our narrow area and then … just more of it. More fields. More reports. More dashboards. We don’t often take the opportunity to step back and re-evaluate what you’d […]
Current approaches to DevSecOps fail to fully automate existing app and cloud security processes, which are periodic and do not scale.
Apiiro has developed a patent-pending technology to detect and prevent SolarWinds-style attacks before shipping binaries to production.
Consider how to identify risky material code changes and prevent them from being deployed in the first place.
By moving to a continuous and simultaneous model, you are able to improve the speed of the entire DevOps process.
Enterprises that allow developers to be responsible for the end-to-end delivery are at the forefront of Digital Transformation.
Apiiro's solution accelerates delivery and go-to-market by bridging the gap between development, security, and compliance teams.