Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Salt Security

salt security

Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data

Mar 13, 2024 By Aviad Carmel In Salt Security
Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.
Read Post
salt security

Salt Security, API Posture Governance, and the NIST Cybersecurity Framework 2.0

Mar 8, 2024 By Eric Schwake In Salt Security
Securing organizations against today’s most advanced threats continues to be challenging, with APIs (Application Programming Interfaces)playing an increasingly central and vulnerable role, especially as digital transformation marches on. The NIST Cybersecurity Framework 2.0 (CSF) release underscores the urgency of addressing evolving threats and now emphasizes the importance of governance in Cybersecurity.
Read Post
salt security

Introducing the Salt Developer Portal: Unleash the Power of Automating API Security

Mar 5, 2024 By Eric Schwake In Salt Security
AppSec leaders and security practitioners, rejoice! Automating your security practices using Salt Platform APIs is now easier than ever, empowering developers to integrate APIs quickly and efficiently while helping reduce risk. The newly launched Salt Developer Portal is your one-stop hub for all API security automation needs.
Read Post

A New Strategy for Reducing API Risk

Feb 2, 2024 By Salt Security In Salt Security
As organizations increasingly embrace APIs, a new challenge has emerged - the complexity of managing, securing, and understanding the sprawling API landscape within an organization. To tackle these concerns head-on, Salt Security has pioneered the industry's first API posture governance engine and a suite of advanced capabilities designed to bring clarity, security, and efficiency to your API ecosystem.
View Video
salt security

API Risk Management: A Strategic Approach to API Risk Reduction

Jan 18, 2024 By Nick Rago In Salt Security
Could you imagine our interstate highway system without roadway bridges? I don’t think anyone would argue that bridges are not an essential part of an effective ground transportation network. So it doesn’t surprise me that when I ask people what makes a highway bridge “good,” I get quick responses with pretty consistent answers: guardrails, proper lighting, clear signage, smooth driving surface, lane markings, load capacity, structural integrity, and so on.
Read Post
salt security

The Debut of the Industry-First API Security Posture Management Engine

Jan 17, 2024 By Michael Callahan In Salt Security
Today, we’re thrilled to share that Salt has launched extended capabilities to our powerful platform, adding yet another industry-first technical advancement to our trophy case! (full announcement here.) Since its founding, Salt’s been on a mission to create a platform that can detect, prioritize and solve the most complex API security challenges and risks.
Read Post
salt security

API Predictions for 2024

Jan 12, 2024 By Michael Nicosia In Salt Security
Is Salt Security a fortune teller? We’re not sure if we’d go as far as to say that, but we certainly have had our fair share of precognitive moments. In today’s virtual age where everyone is utilizing and relying on digital landscapes, people’s data is constantly being put online. As technology advances and more people go online, bad actors and cyber threats use vulnerabilities in Application Programming Interfaces (APIs) to get access to sensitive data.
Read Post

STEP Program with Bright Security: DAST Solutions and API Testing

Nov 27, 2023 By Salt Security In Salt Security
We’re all in this together, which is why awareness about APIs and connecting with one another is crucial to cyber security. Salt Security has recently announced our Salt Technical Ecosystem Partner Program which can help demonstrate the role of application security testing when it comes to API security and where it fits in a good API security program.
View Video
salt security

Oh-Auth - Abusing OAuth to take over millions of accounts

Oct 24, 2023 By Aviad Carmel In Salt Security
OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce a standard authorization protocol, it has become one of the most popular protocols for both user authorization and authentication, and it’s being used by almost every major web service and website today. One of the reasons for its huge popularity is its ease of implementation.
Read Post

OAuth security gaps at Grammarly (now remediated)

Oct 24, 2023 By Salt Security In Salt Security
This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.