Welcome to the 5th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API4:2023 Unrestricted Resource Consumption. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Vulnerability assessment identifies weaknesses or vulnerabilities in computer systems, networks, and software, along with the inherent risks they introduce. By using specialized tools like vulnerability scanners and manual methods, vulnerability assessment helps organizations figure out where they might be at risk. This process not only identifies potential problems but also helps prioritize them based on their severity level.

The installation of Active Directory (AD) on Windows Server 2019 calls for a thorough understanding of technical nuances and a steadfast dedication to security best practices. This guide will walk you through the process of securely implementing Active Directory, ensuring the highest level of protection for the information and resources within your company.

As happens every year, Netskopers from across different teams attended the Black Hat USA, BSides, and DEFCON conferences, each coming away with their own take on what was new and exciting. With “Summer Camp” now behind us, we checked in with those folks who attended to share some of what they saw on the floor and what exciting topics stuck out most to them. Here’s what they had to say.

Any organization that relies on third-party vendors for critical business functions should develop and maintain an effective third-party risk management (TPRM) policy. A TPRM policy is the first document an organization should create when establishing its TPRM program. TPRM policies allow organizations to document internal roles and responsibilities, develop regulatory practices, and appropriately communicate guidelines to navigate third-party risks throughout the vendor lifecycle.

The external attack surface is the sum of all potential attack vectors originating outside your internal network, that is, your third-party attack surface. With reliance on third-party vendor relationships increasing, External Attack Surface Management (EASM) plays a more prominent role in data breach prevention programs.

A Third-Party Risk Management Program (TPRM) is a systematic approach to mitigating risks associated with third parties, such as vendors, suppliers, and contractors. It includes an assessment process that identifies, evaluates, and remediates any risks affecting your organization. Implementing effective third-party risk management (TPRM) measures can safeguard organizations against potential threats and promote seamless and confident collaborations with external partners.

The U.S. Federal Government passed the Computer Fraud and Abuse Act (18 U.S.C.§1030) (CFAA) in 1986 as an amendment to the Comprehensive Crime Control Act of 1984, which included the first federal computer crime statute. Since enacting the CFAA, congress and the federal government have amended the act multiple times to extend its reach and impose criminal and civil liability on additional malicious computer activities.