Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

2022: Zenity's Tale of Diligence and Growth

2022 was a momentous year in many ways. One of the most significant shifts of 2022 is so substantial – and so successful – that many businesses are already taking it for granted. Low-code/no-code (LCNC) is here to stay! As we predicted early this year, 2022 was the year that LCNC became almost taken for granted, a ubiquitous and empowering trend across businesses.

Announcing Zenity's SOC 2 Type II Certification

Security of our platform and customer data has always been a core focus at Zenity and a north star that we continue to follow, and today we’re excited to announce that we are now SOC 2 Type II certified. This certification demonstrates Zenity’s commitment to ensuring the security of our systems and the data of our customers and partners.

Zenity Named a 2022 IDC Innovator in PaaS that Developers use to accelerate application development and deployment processes

International Data Corporation (IDC) published its annual Innovators report last Friday, November 18th and named Zenity as one of the top five innovative vendors offering a unique PaaS (Platform as a Service) solution that developers are using to accelerate their application development and deployment processes.

Business-Led Development- an Extension of the Public Cloud

To understand this headline better we need to have a better understanding of the traditional ways we think about Software-as-a-Service (SaaS) platforms and public cloud platforms. The difference lies in the starting point of these two solutions, while SaaS started as an extension of the corporate network, the public cloud started as an extension of the data center.

ZAPESCAPE: Organization-wide control over Code by Zapier

In the middle of March 2022, Zenity research team discovered a sandbox-escape vulnerability in Code by Zapier, a service used by Zapier to execute custom code as part of a Zap. Exploiting this vulnerability, any user could take full control over the execution environment of their entire account allowing them to manipulate results and steal sensitive data. For example, a Zapier user could take control over the admin’s custom code execution environment.

SaaS Applications Streamline Application Development and Exploitation

Software-as-a-Service (SaaS) applications are built on the premise of streamlining business practices to improve productivity. Microsoft 365, Salesforce, and similar SaaS platforms commonly integrate automation tools that allow business users to develop the tools that they need to do their jobs. The latest iteration of this is the integration of low-code/no-code platforms into these SaaS solutions.

When User Identity Loses Its Meaning, Hackers Win

When it comes to cybersecurity, businesses typically want to assume that every user is a special snowflake. The premise that each user has a unique identity, and that cybersecurity teams can manage access permissions and identify anomalous activity based on that identity, is a cornerstone of modern security operations.

Zapier Storage Exposes Sensitive Customer Data Due to Poor User Choices

Zenity research team has recently discovered a potential customer data leakage in Storage by Zapier, a service used for simple environment and state storage for Zap workflows. With only a few simple steps and no authentication, we were able to access sensitive customer data. Given the nature of this flaw, it would be easy for bad actors to recreate our approach and access the same sensitive data without significant expertise.