Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Arctic Wolf

Why SIEM Is Not Right for SaaS Security

When security information and event management (SIEM) tools came to the market over a decade ago, many practitioners considered the combination of information management and event management groundbreaking. Since then, the technology has gone through iterations to improve and enhance its capabilities, including the incorporation of user and entity behavior analytics (UEBA), machine learning and AI capabilities, and “out-of-the-box” configurations for smaller organizations to rely on.


Leveraging OpenAPI as a Core Element of API and Application Security

An application’s attack surface is the sum of all the areas of an application which could be attacked by malicious attackers. This includes the application’s APIs, the underlying code, supporting infrastructure, and any other components which could be compromised. The goal for any organization is to reduce the attack surface area by discovering and minimizing potential vulnerabilities.

Featured Post

How Unsecured APIs Can Eat Up Retail Revenue

The retail sector has experienced transformational change with the introduction and widespread adoption of digital technology. The sector has seen an extreme level of transformation; from physical storefronts, through the early days of internet retailing, all the way up to the modern retail and eCommerce ecosystem. This transformation has required the adoption of new technology at each stage, with APIs the current foundational building block, enabling the necessary connections between retailers, consumers and the supply chain. However, given the resulting amount of personal identifiable information (PII) on offer, retail is an extremely attractive target for cybercriminals to exploit vulnerabilities for financial gain.

Maximizing Efficiency: The Significance of TDM for Sensitive Data

Organizations dealing with sensitive information must prioritize Test Data Management, a critical practice in the era of data-driven operations. The importance of precision in handling sensitive data cannot be overstated. This article explores the key reasons why utilizing Test Data Management (TDM) for sensitive data is not just beneficial but imperative for ensuring smooth operations and minimizing risks.

Code Signing with Azure Key Vault: Create a Key Vault, Generate CSR and Import Certificate

In today’s digital landscape, where data security is paramount, protecting your private keys, generating certificates, and managing secure connections is crucial. Microsoft Azure KeyVault offers a robust and reliable solution for handling these critical security aspects. Follow the Video to Manage your Keys and Code Signing Certificates on Microsoft Azure KeyVault. You can Buy Code Signing Certificates for Azure Key Vault to Digitally Sign your Executables and Packages.

Critical OWASP Mobile Top 10 2023 Vulnerabilities [+Mobile App Pen-testing Checklists]

Get Android & iOS App Penetration Testing Checklists with OWASP Top 10 Securing mobile applications poses distinct challenges compared to websites. Mobile apps require specialized attention with risks ranging from secure data transfer to device-specific vulnerabilities. Businesses need the right resources and guidance to protect their mobile applications. The OWASP Mobile Top 10 is a good starting point as it outlines the risks and provides actionable tips for mitigating risks.


Dynamic Application Security Testing: Benefits, Pitfalls, and Top Open-Source Solutions

In code security, not everything is "shift left." Dynamic testing is as important to help developers build and ship secure applications on the right-hand side of the SDLC. Let's explore the benefits, pitfalls, and popular open-source DAST tools in this blog post from the Escape team.


Introducing Bearer Assistant

Artificial Intelligence (AI) is a hot topic these days, especially across the security industry. There's hardly a day when we don't read about its potential to create an impact on our lives, for better or worse. As a security company, we truly believe in the potential of AI, but we didn't want to jump into the deep end without careful consideration as we followed the buzz with a healthy amount of skepticism.

AI Reality Check: Navigating High False Positives Today | Proceed with Caution | Razorthorn Security

In this eye-opening video, we dive deep into the current state of AI, shedding light on a significant challenge it grapples with - a high false positive rate. While optimism is warranted for the future, I candidly express my belief that we are still a number of years away from achieving true production readiness.