Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Directory Traversal Cheat Sheet for 2024 [PDF Download]

If you give attackers an inch, they will take a mile. That’s essentially what happens when there are minor flaws in your web applications – these flaws leave one inch of your system’s doors open. Before you know it, sophisticated threats like directory traversal come crawling. Currently, there are 55 different directory traversal vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog.

Industry Analysts Call Trustwave Security Colony a Vital Tool for Enhanced Cybersecurity

Security Colony may not have the name recognition of some of Trustwave’s other security products and services, but when experts discuss and measure Trustwave's strengths, this repository of knowledge is almost inevitably brought up in the conversation. For example, over the last several years, the industry analyst firms IDC, Frost & Sullivan, and ISG have all called out Security Colony as a primary reason why each selected Trustwave for various accolades.

Tricentis Tosca Secrets Manager Integration with CyberArk Software

- In this video, we explore the integration between Tricentis Tosca and CyberArk, demonstrating how to securely store and manage sensitive data, such as passwords and multi-factor authentication (MFA) keys, directly in CyberArk. Learn how to seamlessly access this data in your test cases and configurations when needed. This integration ensures enhanced security for your test automation by centralizing sensitive data management within CyberArk. Be sure to subscribe for more tutorials on test automation and security best practices!

Automating Security Workflows with DAST Essentials

In today's digital landscape, developers face mounting pressure to deliver secure applications within tight deadlines. But with faster release cycles, it becomes challenging to prioritize security. Security testing needs to work and scale within your DevOps speed and release frequency. Web applications are highly targeted assets, accounting for 40% of breaches within organizations, according to the Verizon Data Breach Investigations Report.

Empowering Developers in AppSec: Scaling and Metrics

This is the second instalment of a two-part blog post. The blogs are based on one of our “AppSec Talk” YouTube videos, featuring Kondukto Security Advisor Ben Strozykowski and Rami McCarthy, a seasoned security engineer with experience at Figma and Cedar Cares. In that video, Ben and Rami delved into the critical role developers play in the security program and the application security lifecycle.

Detect and Prevent Insider Threats with Lookout

Discover how to safeguard your organization from one of the most significant threats: malicious insiders. Learn to differentiate between legitimate user behavior and nefarious activities. By leveraging user and entity behavior analytics (UEBA), real-time alerts, adaptive security policies and dynamic decryption, the Lookout Cloud Security Platform ensures comprehensive protection against insider threats.

Navigating Access Challenges in Kubernetes-Based Infrastructure

Organizations often find that as they deploy their K8S infrastructure into production and across their company, what worked well for managing access during development does not scale efficiently. Research shows that this often leads to serious security risks including breaches. So, new access challenges emerge, particularly as teams scale. Join us for a 30-minute deep dive into how to secure access to Kubernetes-based environments including clusters, databases, and applications in a scalable way.

What is the KEV Catalog?

With external threats looming as a constant source of potential disruption, multiple government agencies have coordinated to compile a catalog of Known Exploited Vulnerabilities (KEV). The Known Exploited Vulnerabilities Catalog, or KEV catalog, is a database of actively exploited vulnerabilities, including those that have been exploited by ransomware campaigns, that can help application security professionals in the public and private sectors monitor threats and prioritize fixes.

Secure your Elastic Cloud account with multifactor authentication (MFA)

In an era where cyber threats are constantly evolving, protecting your identity and data from unauthorized access is more critical than ever. That's why we're excited to bring you the enhanced multifactor authentication (MFA) for Elastic Cloud. This feature significantly strengthens the security of your Elastic Cloud user and deployment data by aligning with industry best practices. You can go to Elastic Cloud and complete your MFA setup today.