Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might have missed, click here. This post will put a spotlight on Injection, which used to be its own category (OWASP API8:2019) but has now been subsumed into OWASP API10:2023 (Unsafe Consumption of APIs).

As organizations increasingly deploy business-critical workloads to managed cloud services, enforcing strong security practices needs to be a top priority. While many managed cloud service providers do a good job of protecting the cloud and infrastructure itself, it’s the responsibility of the customer to protect what’s running inside the cloud.

The internet has become an integral part of our daily lives, protecting our online accounts and sensitive information is more critical than ever. Passwords are the first line of defense against cyberattacks, and their strength is essential in safeguarding our identities. In this blog post, we’ll cover passwords and password managers, exploring the significance of strong passwords and the role that password managers play in enhancing our online security.

One of the major concerns of multi-cloud companies is security. 69% of organizations admitted to experiencing data breaches or exposures due to multi-cloud security configurations.

Several U.S. federal agencies have proposed a rule, FAR Case 2021–019, and issued a call for public comment to standardize cybersecurity contractual requirements for unclassified federal information systems and a statute on improving the nation's cybersecurity.

A joint cybersecurity advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. The report aims to detail the weaknesses found in many large organisations, and the need for software makers to properly embrace the principles of security-by-design.