Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

In the modern world, where financial transactions are increasingly conducted online, ensuring the security of sensitive financial information has become paramount. The Payment Card Industry Data Security Standard (PCI DSS) guides businesses worldwide towards the secure handling of payment card data. Compliance with PCI DSS not only protects your customers from potential data leaks but also safeguards your organization’s reputation and credibility.

AI has already revolutionized the way we work. ChatGPT, GitHub Copilot, and Zendesk AI are just a few of the tools that are taking over day-to-day tasks like generating customer support emails, de-bugging code, and much, much more. Yet despite all of these advancements, security teams are under more intense pressure than ever to mitigate rapidly evolving risks. Paired with a growing shortage of over 3.4 million cybersecurity workers, security teams are in need of a solution—and fast.

In 2019, The European Parliament introduced the European Cybersecurity Certification Framework in response to growing cyber threats and the need for more robust cybersecurity measures. These certification schemes were part of the broader cybersecurity policy introduced with the European Union Cybersecurity Act, which boosted cybersecurity measures and cyber resilience across EU member states.

Third-party risk management (TPRM) is reviewing and mitigating risks associated with outsourcing business operations to third-party vendors or service providers. Risks are varied but include cybersecurity risks like data breaches or reputational risks that affect business continuity. If your organization wants to create a TPRM program or upgrade your current risk management strategy, focusing on customization can be critical in setting your organization apart.

Customization, Your Way: With Content Manager you can customize your training content preferences effortlessly. Adjust passing scores, infuse branded themes, allow test-outs, and say goodbye to content skipping. And here's the kicker – it's available across all subscription levels.

As Phishing as a Service (PhaaS) kits continue to evolve, news like recent attacks using the Greatness toolkit demonstrate how easy it is for novice attackers to access accounts despite multi-factor authentication (MFA) being enabled. We’ve seen plenty of adversary-in-the-middle (AiTM) attacks over the years, where the threat actor inserts themselves (in one form or another) into an existing communication, impersonating one of the parties in the communication.