February 2026 delivered two milestones that signal a real shift in application security: Anthropic shipped Claude Code Security after finding 500+ zero-day vulnerabilities in production open-source …
Most companies misunderstand penetration testing types. Learn the real difference between black box, white box, and grey box pentests—it’s about knowledge, not access.
Complete guide to API security testing and appsec testing in 2026. Learn REST/GraphQL testing, OWASP Top 10, tools, and when to get professional help.
The OWASP Top 10 2025 brings significant changes to web application security priorities. Two new categories, major ranking shifts, and 589 CWEs analysed—here’s what security teams need to know.
MITRE’s CVE contract expired on April 16, putting global vulnerability tracking at risk. Learn what’s happening and how the security community is responding.
Some software vulnerabilities are unforgivable—easy to find, easy to fix, and never should’ve existed. Here’s how to spot and prevent them.
Assess and improve your software security maturity with SAMMY. Free OWASP SAMM implementation tool for DevSecOps teams. Start your assessment now.
Software supply chain security is in the news again, along with the Trojan Source attack on modern software compilers. Why is it so important?
BSG has conducted an application pentest for the Ukrainian Bone Marrow Donors Registry. Why does it matter, and how does it relate to you?
Where in the software product lifecycle does security come into play? What are best practices and common pitfalls? In this post, read about that and more.