On November 16, 2023, a significant security concern was published by Google's Threat Analysis Group (TAG). They revealed an alarming vulnerability in Zimbra Collaboration, a widely-used email hosting tool for organizations. This vulnerability, designated with an identifier, CVE-2023-37580, is a glaring example of a reflected cross-site scripting (XSS) issue. It allows malicious scripts to be injected into unsuspecting users' browsers through a deceptively simple method: clicking on a harmful link.

Panoptica Cisco’s Cloud Application Security platform provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments.

We are thrilled to introduce the Bearer GitHub App, a powerful addition designed to streamline your workflow and elevate your security practices.

One of my favourite tools for playing with REST APIs is, of course, Postman. It can make interacting with DataTrails super quick and easy, and help you develop custom workflows for storing and validating your digital provenance and audit trails. Here’s a step-by-step guide to getting a robust Postman set-up configured, and if you head over the Postman public collections you’ll find a link to a pre-baked DataTrails Postman collection with this done for you, along with some example requests.

Web applications are one of the most common vector for breaches, accounting for over 40% of breaches according to Verizon's 2022 Data Breach Report. Ensuring that your web applications are sufficiently protected and continue to be monitored once they are in production is vital to the security of your customers and your organization.

In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and assigned CVE-2023-22518 identifier. In this blog, we delve into the details of these vulnerabilities, their implications, and the necessary mitigation steps to protect your digital assets.

The world of digital technology is perpetually evolving, positioning cybersecurity as a frontline defense in safeguarding essential digital assets. A primary challenge in this sector, accentuated by the Wallarm API ThreatStats™ report Q3’2023, is ensuring robust API security. This in-depth report emphasizes the urgent need for immediate, strategic actions from business leaders and cybersecurity practitioners alike to combat the sophisticated emerging threats.

In the dynamic world of software development, Application Programming Interfaces (APIs) serve as essential conduits, facilitating seamless interaction between software components. This intermediary interface not only streamlines development but also empowers software teams to reuse code. However, the increasing prevalence of APIs in modern business comes with security challenges.

The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has long offered the ability to generate OpenAPI Specifications (aka Swagger) based on actual traffic across your endpoints.

An API Gateway is a mediator between the client and the collection of backend services. It accepts all API calls and routes them to one or more appropriate backend services. It doesn’t stop there; it aggregates appropriate data/ resources and delivers it to the user in a unified manner. Placed in front of the API/ group of microservices, the API gateway is the single-entry point for all API calls made to and executed by the app.