Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2023

indusface

What is WAAP? - A Quick Walk Through

Mar 29, 2023 By Vinugayathri Chinnasamy In Indusface
Many of the businesses that already have revenue-generating web applications are starting an API-first program. Now, old monolithic apps are being broken into microservices developed in elastic and flexible service-mesh architecture. The common question most organizations grapple with is – how to enhance application security designed for web apps to APIs and API security? Protecting APIs against modern cyber threats requires going beyond the traditional solutions.
Read Post
indusface

27 Most Notorious Hacks in History that Fall Under OWASP Top 10

Mar 28, 2023 By Venkatesh Sundar In Indusface
Hacks and data leaks have affected many major players in recent years, including AT&T Vendor(9 Million accounts), T-Mobile (37 Million accounts), JD Sports(10 Million), MyDeal (2.2Million), Dropbox (nearly 69 million accounts), Flagstar bank (1.5 Million) and eBay (145 million). Those were bad. But not the worst. What are the most notorious hacks in history? They’re subject to debate, but these 27 attacks categorized under OWASP Top 10 would be strong candidates for the title.
Read Post
indusface

A Sub-Domain Takeover Story, Two Questions for Every WAF Provider | Sunil Agrawal (CISO, Glean)

Mar 27, 2023 By Indusface In Indusface
In this SaaSTrana podcast, Sunil Agrawal (CISO, Glean) shared his insights with Venky on the evolution of cybersecurity attacks and changes in hacker behavior over the years. He also shares his experience of a sub-domain takeover and how it led him to build foundationally secured SaaS products.
Read Post

Merging WAF and IAM Capabilities for Next-gen Security | Scott Tomilson (Sr.Director, Ping Identity)

Mar 21, 2023 By Indusface In Indusface
In this podcast, Scott Tomilson (Sr.Director, Ping Identity) talks with Venky about best practices for implementing Single Sign-On (SSO) in SaaS apps. He also discusses how applications are at risk due to humans, devices, and apps. And having behavioral-based anomaly scoring and security is the need of the hour.
View Video
indusface

API4:2019 - Lack of Resources & Rate Limiting: The What, Sample Exploit, and Prevention Methods

Mar 16, 2023 By Indusface In Indusface
Lack of resources & rate limiting is #4 on the OWASP Top 10 API Security Risks 2019. It is a prevalent API security risk. As per OWASP, rate limiting and resource-related flaws in APIs are quite easy to exploit, especially with automated toolkits and for-hire services. But the exploitation of the lack of resources & rate limiting flaws has severe consequences for the organization. So, what exactly is this security risk, and how do you prevent it?
Read Post

Patching Vulnerabilities Within 24 hours

Mar 16, 2023 By Indusface In Indusface
The average time of vulnerabilities remain open is 180+ days from the time it is discovered. When it comes to business growth vs security, business always wins, which means vulnerabilities are not patched on time allowing hackers to exploit them. However, most of these can be patched using Virtual patching. That too within 24 hours and ZERO impact to business continuity.
View Video
indusface

API2:2019 Broken User Authentication: The What, Impact, Sample Exploit, and Prevention Methods

Mar 15, 2023 By Indusface In Indusface
API2:2019 Broken User Authentication happens when an attacker bypasses an API’s authentication and authorization mechanisms and gains access to sensitive data or functionality that should only be available to authorized users.
Read Post

The Explosion of APIs and Nuances of API Security | Kashi (Co-founder & CTO, Fitbots)

Mar 13, 2023 By Indusface In Indusface
Here are some highlights of the conversation between Kashi (Co-founder & CTO, Fitbots OKRs) & Venky (Founder & CMO, Indusface). They discuss how the API adoption growth will lead to an exponential increase in API security needs. Adopting multiple business services & securely integrating with them will be the future for running a sustainable long-term business. They cover a bunch of other aspects in the SaaSTrana Podcast, like: - API security with dynamic endpoints
View Video
indusface

19 Cybersecurity Trends Every CISO Must Prepare for in 2023

Mar 9, 2023 By Indusface In Indusface
We saw numerous cybersecurity breaches in 2022. The attacks became more sophisticated, the bots got sneakier, and the cost of breaches multiplied. Yet, enterprises were underprepared to deal with the well-known threats. With the rise of new technologies and the increased adoption of remote work, cybercriminals have quickly adapted their tactics. They are now targeting businesses in ways never seen before.
Read Post

A Sub-Domain Takeover Story, Two Questions for Every WAF Provider | Sunil Agrawal (CISO, Glean)

Mar 9, 2023 By Indusface In Indusface
Overview: In this podcast, we have Sunil Agrawal (CISO, Glean), who has 22+ years of cybersecurity experience and 35+ patents in his name. He has worked in organizations like Adobe, Netflix, Motorola, Qualcomm, etc., and has seen the evolution of cybersecurity attacks and changes in hacker behavior over the years. He shares his experience of a sub-domain takeover and how it led him to build foundationally secured SaaS products.
View Video

10 API Security Tips you must know

Mar 7, 2023 By Indusface In Indusface
Cloud services have made the world a highly interconnected ecosystem. Enterprises leverage services (virtual and physical) provided by other enterprises rather than build them from scratch, creating a web of connected devices, applications, and users. An API is one such service. About Indusface: Indusface is a SaaS company that secures critical Web applications of 5000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine.
View Video
indusface

API Security 101: Understanding the Risks and Implementing Best Practices

Mar 3, 2023 By Vinugayathri Chinnasamy In Indusface
API security is the process of effectively securing APIs owned by the organization and external APIs used by implementing API-specific security strategies. It secures API vulnerabilities and misconfigurations and prevents their exploitation by attackers. It mitigates a wide range of API security threats and helps effectively manage risks associated with APIs.
Read Post
indusface

What is Cross-Site Scripting (XSS)? Types of XSS, Examples, and Patching Best Practices

Mar 1, 2023 By Venkatesh Sundar In Indusface
Cross-Site Scripting (XSS) is a security vulnerability that allows an attacker to inject malicious code into a web page viewed by other users, usually in a script. When other users view the compromised page, the injected code can execute and steal sensitive information or perform malicious actions on their behalf. This attack typically targets web applications that allow user-generated content or input, such as message boards, comment sections, or search boxes.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.