Authorization vulnerabilities allow malicious users to perform unwanted actions or access resources that are deemed protected otherwise. Authorization vulnerabilities are one of the most widely found vulnerabilities in web applications. The OWASP top 10 list of web application security risks listed broken access control vulnerabilities as the number one risk in 2021, so understanding authorization vulnerabilities is an important topic for application security engineers.

When a large oil and gas company in southeast Europe set out to migrate on-premises data and applications to public cloud infrastructure, they turned to Lookout to help address the myriad of security challenges that emerged. The Lookout Cloud Access Security Broker (CASB) solution with advanced Data Loss Prevention (DLP) provided the full breadth of integrated features needed to assure all data security and compliance considerations were met while allowing for open cloud data interaction.

On March 15, 2022, users of the popular Vue.js frontend JavaScript framework started experiencing what can only be described as a supply chain attack impacting the npm ecosystem. This was the result of the nested dependencies node-ipc and peacenotwar being sabotaged as an act of protest by the maintainer of the node-ipc package.

How often have you heard someone say “Cybersecurity is complicated!”? If you’re a practitioner in the cybersecurity industry you’ll have heard these words often, probably along with “…and it’s really boring too!”

Modern web frameworks can simplify the web application development process dramatically, facilitating innovation and saving time. However, their use can come at a steep price if the framework contains vulnerable or malicious third-party code. JavaScript security can help protect against the dangers of third-party code making it key for use in web frameworks.

Microsoft 365 provides a powerful document management and collaboration platform. However, with so many applications available in the platform to store and share information internally and with external parties, such as partners, contractors and vendors, ensuring proper access and data security can be a challenge. In this blog we examine how to ensure secure file sharing in Microsoft 365 and Teams.

In this article, you'll learn how add SAML SSO login to an Express.js app. You'll use SAML Jackson with Auth0 to authenticate users and protect routes. You can also access the full code at the GitHub repository. Let’s get started!

Within the context of the recent Conti leaks, we have seen the Jabber chats, indicating the size, scope, order, and structure of the Conti group. The subsequent leaks contained screenshots, documents, and the holy-grail – the source code itself.

The US Office of Management and Budget (OMB) has released a strategy to help the federal government embrace a zero-trust approach to cybersecurity.

Stevenage, 15th March 2022 – Today new findings from the Bulletproof Annual Cyber Security Industry Threat report highlight the issue posed by poor security hygiene as automated attacks remain a high security threat to businesses. The research gathered throughout 2021, showed that 70% of total web activity is currently bot traffic.