Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Featured Post

Growing Digital Ecosystems, Increasing Cybersecurity Risk, Fragmented Regulations and Economic Challenges Emphasizes Need for Holistic API Security

The challenges that the global business community has faced in the last few years have been unprecedented. A pandemic, inflation, an energy crisis, war, an economic downturn, and fragmented and delayed supply chains have all created issues for organizations and have left no industry, market, or region untouched. Yet, despite these issues, our digital ecosystems and footprint grow ever bigger and increasingly complex. The global digital transformation market was worth $731.13 billion in 2022, and it is now expected to grow at a CAGR of 26.7% by 2030, driven in the main by businesses trying to gain a competitive advantage.

API7:2019 Security Misconfiguration: The What, Sample Exploits, and Prevention Methods

Security misconfigurations are very common security risks, not just in web applications but also in APIs. They have been consistently part of the OWASP Top 10 Web Application Vulnerabilities. They were part of the original OWASP Top 10 API Security Risks published in 2019 and have now made it to the updated 2023 list. Security misconfiguration maintains its 7th rank in OWASP Top 10 API 2023RC owing to its widespread prevalence, easy exploitability, and easy detectability.

salt security

Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

This post is the second in a series describing OAuth implementation issues that put companies at risk. We create these posts to share rich technical details, drawn from real-world use cases, to educate the broader industry on the nature of these errors, their potential impact, and how to avoid them to better protect API ecosystems.


From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

For those wondering what GraphQL is… “GraphQL is a query language for your API, and a server-side runtime for executing queries using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.”


The implications of adding SAST to your CI/CD pipeline

DevSecOps is all about better integrating security into the software development life cycle (SDLC). When combined with the desire to automate repetitive tasks, the inevitable conclusion is to put any repeatable testing tool into your app’s build pipeline. For any tooling that involves code analysis, it makes sense to sync up with existing testing workflows. That’s where CI comes in.


API Security: Authorization, Rate Limiting, and Twelve Ways to Protect APIs

41% of organizations suffered an API security incident, where a majority (63%) were data breaches. This is despite 90% of them using authentication policies in place, according to a survey by 451 Research. No surprises there, as authentication is just one piece of the API security puzzle. In this blog, we’ll cover the 12 methods that technology leaders need to incorporate to secure and protect APIs.

Stopping API attacks with Salt Security and AWS WAF

Every company’s APIs are unique and so are its security gaps. Bad actors will poke and prod to learn your APIs and find mistakes in business logic they can exploit. Catching these attacks requires context and deep behavioral analysis over time. With its recent AWS WAF Ready designation, Salt Security makes it easier and faster for businesses to protect the APIs running in their AWS environments. Salt provides the visibility, intelligence, and context over time to identify and block attacks using tools you already rely on such as Amazon API Gateway, AWS WAF, and other inline enforcement points.

API5:2019 Broken Function Level Authorization: The What, Impact, Sample Exploit, and Prevention Methods

APIs are great for accessing specific functions and features, but what happens when they allow unauthorized access? Imagine a social media platform where users can share posts. To enable users to access posts, the platform provides an API that allows GET requests to retrieve posts by specifying the user ID and post ID. GET/api/v2.1/user/1438/posts?id=40. The API will return the 40th post for user id 1438. As these are public forums, any user can submit GET requests to access posts.


DevSecOps lifecycle coverage with new Snyk and Dynatrace app

Balancing the volume of applications and the increased deployment frequency with the need for security is a struggle for both development and security teams. Recent research indicates that vulnerability management in modern software development has become more complex, with 69% of CISOs acknowledging this challenge. Consequently, many applications are not adequately covered by security scans.