Mar 31, 2026
Modernizing Threat Modeling: Embracing Zero Trust for Cloud-Native Security
This article explores how adopting a Zero Trust security model can modernize threat modeling, enabling continuous verification, least-privilege access, and proactive defense across dynamic systems. By integrating Zero Trust principles into DevSecOps and CI/CD pipelines, organizations can build adaptive threat models that strengthen cloud security, risk management, and resilience.
Mar 18, 2026
The Invisible Danger: Application Security Gaps
Modern cyberattacks exploit weaknesses and take advantage of hidden application security gaps in cloud and SaaS environments. This article explains what an application security gap is, why traditional IT and cloud security models often fail to catch it, and how real-world incidents show the massive business impact of overlooked vulnerabilities....
Mar 2, 2026
How Static Scanning is Eroding “Shift Left”
“Shift Left” has been the reigning philosophy in AppSec for the last few years. Yet what was once considered to be a solution to serious issues in application security (AppSec) is now becoming an overcorrection - and is producing problems of its own.
Feb 25, 2026
Will AI Replace Cybersecurity?
When Anthropic launched Claude Code Security in February 2026, cybersecurity stocks dropped within hours. The AI system scans entire codebases, prioritizes vulnerabilities, and proposes patches using advanced reasoning models. For some, this looked like the beginning of the end for traditional security tools.
Oct 1, 2025
The Three and Half Deaths and Rebirth of Application Security: From Chainsaws to Application Detection and Response
From Chainsaws to Application Detection and Response
Sep 3, 2025
The Growing Threat of Security Debt: Exploring AI’s Role in Remediating Persistent Software Vulnerabilities
Managing financial debt is a delicate balancing act, where even the smallest oversight can snowball into significant problems. The same principle applies to business IT in the form of security debt, that is, accumulated software vulnerabilities that remain unresolved for extended periods. These flaws, particularly those left unaddressed for...
Jul 23, 2025
5 Types of Impersonation Attacks and Ways to Prevent Them
Technology is a double-edged sword. When used correctly, it can result in cutting-edge solutions and digitization. Its misuse, on the other hand, can wreak havoc. As people and organizations become increasingly dependent on technology, it is crucial to be aware of cybercrime trends and potential risks. Only then can we...
Jul 15, 2025
Securing Your Software Supply Chain: Four Key Areas to Consider
Why is it so hard for teams to effectively secure against cyber risks from their supply chains? And what steps can you take to prevent attacks and avoid your organization becoming the next news headline? Let’s address four areas to focus your security tactics on that will better protect your...
Apr 12, 2024
Using Content Security Policy Against Cross-Site Scripting
The injection of malicious code via a foreign domain can be considerably restricted with a Content Security Policy (CSP). Learn how you can harden your web application against cross-site scripting (XSS) attacks.
Apr 19, 2023
Securing Java Applications with Built-in Tools
The task of IT security is above all to prevent and detect unauthorized actions by users of a computer system. It is concerned in particular with measures aimed at deliberate actions by different parties [1]. IT security has become immensely important: in 2021 the market was valued at just under 140 billion US dollars;...









