Your organization's cyber risks demand a proactive and holistic approach. Enter the realm of comprehensive risk-based vulnerability management, a paramount strategy that encompasses identifying, evaluating, mitigating, and monitoring vulnerabilities across your vital assets. Imagine achieving all this through a single solution.
Tracking vulnerabilities and compliance requirements is essential for maintaining application security in any software project. However, this process can be time-consuming and complicated, especially as new issues are identified. Fortunately, the JFrog build-info provides a comprehensive solution by recording key information about your project’s build. With build-info, you can easily track vulnerable versions of your project and ensure that your software stays secure.
With threat actors performing man-in-the-middle (MITM) attacks, having an SSL/TLS certificate is no longer a valid reason to trust an incoming connection. Consequently, developers are increasingly adopting SSL/TLS pinning, also known as certificate or public key pinning, as an additional measure to prove the authenticity and integrity of a connection.
Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.
In over 600 data breaches, 40 million individuals were affected across the globe due to the MOVEit Transfer vulnerability. Between June 2023 and the present day, healthcare information, educational records, financial records, personal information, Social Security numbers, and insurance details have been either stolen or wiped out by threat actors who abused the MOVEit Transfer vulnerability.
Cross-Site Scripting (XSS) is a web security vulnerability that happens when cybercriminals inject client-side scripts into web pages accessible by other users. The injected scripts compromise the web page and run in a user's browser, leading to the exposure of data, session hijacking or manipulation of the web page's content and functionality.
Dell disclosed a Compellent vulnerability affecting VMware users. Let's take a closer look to learn how to safeguard your data, prevent coding mishaps, and ensure online security.