Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cross-site scripting (aka XSS) has rightfully claimed its place as one of the most popular web vulnerabilities. Since its first emergence, somewhere in the dark days of the internet, countless vulnerabilities have been found across websites everywhere. Therefore, it comes as no surprise that XSS has been consistently highlighted as a top risk in the OWASP TOP-10 since the list's very first iteration in 2004!

Since the public release of OpenAI’s ChatGPT, AI-powered browser extensions have proliferated wildly.

In today’s world, technology is quickly evolving and some practices that were once considered the gold standard are quickly becoming outdated. At Cloudflare, we stay close to industry changes to ensure that we can provide the best solutions to our customers. One practice that we’re continuing to see in use that no longer serves its original purpose is certificate pinning.

The Internet of Things (IoT) has slowly but surely weaved its way into our homes and places of work. From smart homes to industrial control systems, IoT has brought convenience and efficiency to our lives. However, with this increased connectivity we have increased our risk. The IoT Attack Surface IoT devices are often designed with functionality in mind, rather than security. This means that many devices have weak or default passwords, unpatched vulnerabilities, and insecure communication protocols.

Businesses have gone mobile-first, and with good reason—people are spending more time and more money on their phones than ever before. For instance, in 2023, an estimated 66% or 2/3rds of all online orders were made from mobile devices. And in 2024, businesses are expected to spend $402 billion on mobile advertising. Mobile apps have become the first choice for users for their online activities in banking, e-commerce, media streaming, social media, etc.

Personal Information (PI) encompasses any data that can identify an individual, either directly or indirectly. This includes basic information such as names and addresses. It also includes more specific details like Social Security Numbers (SSN) and biometric data. Understanding the difference between Personally Identifiable Information (PII) and Sensitive Personal Information (SPI) is crucial for effective data protection.

If you are a developer in the current cybersecurity climate, you already know your application’s security is paramount. But have you considered the risks associated with your vendors? With over 50% of new applications developed in the coming years being Cloud-Native, vendor-related cyber security risks are a growing concern. Cloud-native organizations must consider all vendors during risk assessment. Today, you rely on countless vendors, some of whom are unknown to IT.