Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Salt Wins UK Trophy for Best Cybersecurity Solution!

We have smashing news to share! Salt Security has been named Cybersecurity Solution of the Year in the Prestigious National Technology Awards – our first award in the UK and a brilliant recognition! Organized by National Technology News, the National Technology Awards celebrate the pioneers of technology and encourage excellence, providing the most comprehensive celebration of technology of the year.

Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

This post is the second in a series describing OAuth implementation issues that put companies at risk. We create these posts to share rich technical details, drawn from real-world use cases, to educate the broader industry on the nature of these errors, their potential impact, and how to avoid them to better protect API ecosystems.

From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

For those wondering what GraphQL is… “GraphQL is a query language for your API, and a server-side runtime for executing queries using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.”

The implications of adding SAST to your CI/CD pipeline

DevSecOps is all about better integrating security into the software development life cycle (SDLC). When combined with the desire to automate repetitive tasks, the inevitable conclusion is to put any repeatable testing tool into your app’s build pipeline. For any tooling that involves code analysis, it makes sense to sync up with existing testing workflows. That’s where CI comes in.

API Security: Authorization, Rate Limiting, and Twelve Ways to Protect APIs

41% of organizations suffered an API security incident, where a majority (63%) were data breaches. This is despite 90% of them using authentication policies in place, according to a survey by 451 Research. No surprises there, as authentication is just one piece of the API security puzzle. In this blog, we’ll cover the 12 methods that technology leaders need to incorporate to secure and protect APIs.

API5:2019 Broken Function Level Authorization: The What, Impact, Sample Exploit, and Prevention Methods

APIs are great for accessing specific functions and features, but what happens when they allow unauthorized access? Imagine a social media platform where users can share posts. To enable users to access posts, the platform provides an API that allows GET requests to retrieve posts by specifying the user ID and post ID. GET/api/v2.1/user/1438/posts?id=40. The API will return the 40th post for user id 1438. As these are public forums, any user can submit GET requests to access posts.

DevSecOps lifecycle coverage with new Snyk and Dynatrace app

Balancing the volume of applications and the increased deployment frequency with the need for security is a struggle for both development and security teams. Recent research indicates that vulnerability management in modern software development has become more complex, with 69% of CISOs acknowledging this challenge. Consequently, many applications are not adequately covered by security scans.

More Kudos for Salt Leadership in Delivering API Security to Financial Services Firms!

The accolades continue for Salt Security! Hot on the heels of being named in Inc.’s Best Workplaces 2023, our platform has now been included in the CyberTech 100 list, which highlights the top companies in cybersecurity for financial services organizations. These company recognitions also follow a slew of recent awards for us, among them the Ally Technology Peace of Mind award presented by Ally Financial, the largest US digital-only bank and auto finance company.

The Linux Crypto API for user applications

In this post we will explore Linux Crypto API for user applications and try to understand its pros and cons. The Linux Kernel Crypto API was introduced in October 2002. It was initially designed to satisfy internal needs, mostly for IPsec. However, in addition to the kernel itself, user space applications can benefit from it.

Top 10 ways to secure Ruby on Rails applications

Ruby on Rails is one of the most loved combinations in tech. It’s a language and framework that’s accessible to people of varying skill sets and experience. Its maturity and widespread adoption shows with how much the core team and community care about security. Each release improves the framework's hardiness, but there's still so much we can do as developers to protect our applications.