Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Salt Security

STEP Program with Bright Security: DAST Solutions and API Testing

Nov 27, 2023 By Salt Security In Salt Security
We’re all in this together, which is why awareness about APIs and connecting with one another is crucial to cyber security. Salt Security has recently announced our Salt Technical Ecosystem Partner Program which can help demonstrate the role of application security testing when it comes to API security and where it fits in a good API security program.
View Video

OAuth security gaps at Grammarly (now remediated)

Oct 24, 2023 By Salt Security In Salt Security
This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.
View Video
salt security

Oh-Auth - Abusing OAuth to take over millions of accounts

Oct 24, 2023 By Aviad Carmel In Salt Security
OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce a standard authorization protocol, it has become one of the most popular protocols for both user authorization and authentication, and it’s being used by almost every major web service and website today. One of the reasons for its huge popularity is its ease of implementation.
Read Post
salt security

Strengthening our CrowdStrike Bond with Falcon Integration

Sep 19, 2023 By Gilad Barzilay In Salt Security
It’s been just about a year since we first announced our partnership with CrowdStrike. We are delighted to share today that we’ve further strengthened that partnership with the new “better-together” story of Salt and the CrowdStrike Falcon® platform.
Read Post

Understanding API Attacks: Why they are different and how to stop them

Aug 24, 2023 By Salt Security In Salt Security
API attacks aren’t like traditional application attacks. Understanding those differences is crucial to protecting the valuable data and services your APIs enable. Nick Rago, Salt Security Field CTO, discusses in this webinar: We hope you enjoy the webinar on the changing nature of API attacks and learn the best practices to keep your organization safe.
View Video
salt security

In the Alleys of Black Hat and DEF CON 2023: The Quiet API Security Crisis

Aug 23, 2023 By Salt Technical Engineering In Salt Security
The neon lights of Black Hat and DEF CON, with their flashing demos and groundbreaking presentations, often dazzle attendees and cyber enthusiasts alike. From AI-driven hacking tools to quantum encryption, the subjects covered span a vast spectrum. However, as with any vibrant city, these include areas of risk and concern. For Black Hat 2023 events, APIs are core to these areas.
Read Post
salt security

Salt Wins Prestigious SC Magazine Award - "Best API Security Solution"

Aug 21, 2023 By Michelle McLean In Salt Security
It never gets old! We’re excited to share that Salt has won yet another award – our 15th award this year! This time, we have been named the “Best API Security Solution” in the renowned 2023 SC Awards. The SC Awards are cybersecurity’s most prestigious and competitive honor. The premier recognition program honors outstanding innovations, organizations and leaders that are advancing the practice of information security.
Read Post
salt security

What Can be Learned from the JumpCloud Security Incident

Jul 27, 2023 By Nick Rago In Salt Security
In an ideal world, security incidents result in minimal damage, and we can learn from them to improve our future defenses. Fortunately, such appears to be the case with JumpCloud. According to JumpCloud’s blog post, its recent security incident impacted fewer than 5 JumpCloud customers and fewer than 10 devices. Moreover, working together with their incident response (IR) partner Crowdstrike (also a Salt Security partner), JumpCloud has mitigated the attack vector used by the threat actor.
Read Post
Subscribe to Salt Security

Copyright © 2024 OpsMatters™. All rights reserved.