Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2024

alienvault

Bulletproofing the retail cloud with API security

Jan 31, 2024 By Devin Partida In AT&T Cybersecurity
Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability.
Read Post

Securing the Gateway - Mastering API Security in the Modern Web Landscape

Jan 31, 2024 By GitGuardian In GitGuardian
APIs are the backbone of modern web applications, yet we rarely assess security beyond the traditional WAFs and Gateways. In fact, in a recent scan of over 1.5k GraphQL endpoints revealed a staggering 46,000+ security issues and sensitive data leaks—all accessible without authentication, with 10% classified as critical. Due to API’s being widely used by developers, they have now become a favored attack vector for threat actors.
View Video
wallarm

Stopping Credential Stuffing Attacks: We Need to Do Better

Jan 31, 2024 By Wallarm In Wallarm
Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.
Read Post
wallarm

Server-Side Template Injection Vulnerability in Confluence Data Center and Server (CVE-2023-22527)

Jan 30, 2024 By Wallarm In Wallarm
On January 16 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server, identified as CVE-2023-22527. This issue found in older versions, poses a serious risk as it allows attackers without any authentication, to inject OGNL expressions. This means they could potentially run any code they want on the compromised system.
Read Post
wallarm

Introducing the Wallarm 2024 API ThreatStatsTM Report

Jan 29, 2024 By Wallarm In Wallarm
The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular updates, and the adoption of latest advanced security solutions.
Read Post
salt security

API Risk Management: A Strategic Approach to API Risk Reduction

Jan 18, 2024 By Nick Rago In Salt Security
Could you imagine our interstate highway system without roadway bridges? I don’t think anyone would argue that bridges are not an essential part of an effective ground transportation network. So it doesn’t surprise me that when I ask people what makes a highway bridge “good,” I get quick responses with pretty consistent answers: guardrails, proper lighting, clear signage, smooth driving surface, lane markings, load capacity, structural integrity, and so on.
Read Post
salt security

The Debut of the Industry-First API Security Posture Management Engine

Jan 17, 2024 By Michael Callahan In Salt Security
Today, we’re thrilled to share that Salt has launched extended capabilities to our powerful platform, adding yet another industry-first technical advancement to our trophy case! (full announcement here.) Since its founding, Salt’s been on a mission to create a platform that can detect, prioritize and solve the most complex API security challenges and risks.
Read Post
salt security

API Predictions for 2024

Jan 12, 2024 By Michael Nicosia In Salt Security
Is Salt Security a fortune teller? We’re not sure if we’d go as far as to say that, but we certainly have had our fair share of precognitive moments. In today’s virtual age where everyone is utilizing and relying on digital landscapes, people’s data is constantly being put online. As technology advances and more people go online, bad actors and cyber threats use vulnerabilities in Application Programming Interfaces (APIs) to get access to sensitive data.
Read Post
wallarm

Addressing the Rising Threat of API Leaks

Jan 3, 2024 By Wallarm In Wallarm

In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address. The digital era has amplified these challenges, with APIs becoming central to the operational fabric of numerous enterprises.

Read Post

The Darkside of GraphQL

Jan 3, 2024 By Datadog In Datadog
GraphQL is a query language for APIs that provides a powerful and efficient way to query and manipulate data. As powerful and versatile as GraphQL is, its downside is that it can be vulnerable to certain security threats. In this presentation, we will discuss the security vulnerabilities associated with GraphQL, from the basics to more advanced threats, and how to best protect against them. After this presentation, attendees will have a better understanding of security vulnerabilities in GraphQL, as well as an understanding of the steps needed to protect against them.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.