Takeaways from OWASP Global AppSec SF 2024, covering security tools, AI risks, and strategies for improving application security while empowering developers.

Have you ever stopped to consider all of the components that comprise a working automobile? Even a cursory examination reveals more parts than might be considered when we turn the ignition key. However, many of these components are useless when detached from the full product. A steering wheel without a car is not exactly an efficient mode of transportation.

Almost all organizations either rely on cloud computing or are planning to adopt cloud computing technologies soon to ensure their businesses remain competitive and gain an edge over the competition. As businesses increasingly rely on cloud services to manage their operations, the complexity of these environments continues to grow, introducing new challenges in maintaining security and compliance. This is where Cloud Security Posture Management (CSPM) comes into the picture.

If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in yet another “recommendation” (a vulnerability without any impact).

In today’s hyperconnected world, the proliferation of Internet of Things (IoT) and Operational Technology (OT) devices has dramatically transformed industries, driving innovation, efficiency, and automation. However, as organizations continue to adopt these devices, the security landscape has become increasingly complex. Traditional IT security measures often fall short of safeguarding these critical assets, leaving them vulnerable to cyber threats.

As in many companies around the world, Bitsight leadership believes that adoption and innovation through the use of artificial intelligence (AI) capabilities is crucial to the future of our company. From the top down, our employees are continually on the hunt for ways to leverage AI to improve business outcomes and customer productivity.

A new series of vulnerabilities in the Common Unix Printing System (CUPS) threatens numerous Linux systems, potentially allowing remote code execution (RCE). This affects a wide range of platforms, including Debian, Red Hat, SUSE and macOS. The vulnerabilities—tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177—are believed to endanger over 76,000 devices, with estimates suggesting up to 300,000 could be affected.

We are thrilled to announce that we have completed the acquisition of Venafi, a recognized leader in machine identity management. This strategic move aligns with our commitment to not just protecting human identities but expanding our capabilities for securing the rapidly growing world of machine identities.

The latest draft of the National Institute of Standards and Technology (NIST) password guidelines aims to simplify password management by eliminating outdated practices and providing clearer guidance on best practices.

The rise of cloud-based software applications has changed the way many companies operate. Leveraging SaaS platforms allows organizations to streamline their workflows and better accommodate remote and hybrid workforces. However, spreading your data throughout the cloud can leave it vulnerable — unless you have strong SaaS security practices in place.