On November 12th, 2024, at the Pavilion Hotel in Kuala Lumpur, Snyk’s Field CTO, Pas Apicella, delivered an insightful presentation at the Digital Banking Asia Summit 2024 in Malaysia. Titled, ‘Securing the Digital Future: Best Practices for Application Security in Digital Banking’, his talk focused on actionable strategies to address pressing challenges in the financial services industry.

SAQ A-EP is a key focus of the Payment Card Industry Data Security Standard (PCI DSS) version 4, which introduces changes affecting merchants. Designed for e-commerce merchants who partially outsource their payment processing but have website elements impacting transaction security, SAQ A-EP ensures compliance with these updated requirements. This article clarifies these changes and outlines the top 5 actions SAQ A-EP merchants should take before March 31, 2025.

Credential phishing attacks surged by 703% in the second half of 2024, according to a report by SlashNext. Phishing attacks overall saw a 202% increase during the same period. “Since June, the number of attacks per 1,000 mailboxes each week has increased linearly,” the researchers write. “Currently, we are capturing close to one advanced attack per mailbox each week. As we reach the 1,000 threshold, this translates to nearly one advanced attack for every single mailbox each month.

In this blog post, we will introduce the concept of behavioral Cloud Application Detection & Response (CADR). In case this is the first time you have heard of CADR, we’ll start by explaining that concept and explain why it’s essential for protecting modern applications. Let’s go.

In August 2022, LastPass suffered a data breach with escalating impact, ultimately resulting in a mass user exodus toward alternative password manager solutions. This post provides an overview of the timeline of events during the LastPass cyber attack and critical lessons to help you avoid suffering a similar fate. Learn how UpGuard streamlines Vendor Risk Management >

It only takes seconds for a normal workday to turn disastrous. No matter what industry you’re in, handling your IT obligations is crucial. A single data breach costs an average of $4.5 million to overcome. Many people choose to outsource these responsibilities, but not everyone knows how to find the right provider. This is especially true when looking for an MSSP vs MSP. Knowing the difference can help you make the best decision for your IT operations and overall business security.

If you thought PCI DSS 4.0.1 was just a minor tweak to the old requirements, think again. 2025 is here, and it’s clear that many SAQ A-EP merchants are still missing critical steps needed to stay compliant. In fact, we noticed that over 90% of SAQ A-EP merchants aren’t aware that they need to implement new technical measures to address Requirements 6.4.3 and 11.6.1.

If you’re here, you know the basic DevSecOps practices like incorporating proper encryption techniques and embracing the principle of least privilege for access control. You may be entering the realm of advanced DevSecOps maturity, where you function as a highly efficient, collaborative team, with developers embracing secure coding and automated security testing best practices.

The software development life cycle (SDLC) process continues to present significant security risks to organizations and their customers. By proactively integrating security at the heart of application development, DevSecOps transforms how businesses identify and manage potential vulnerabilities when developing software.