OWASP TOP 10 - API Security Testing
***********************************************************************************
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Snyk named a Customer Favorite in The Forrester Wave: Software Composition Analysis Software, Q4 2024 Report
Snyk is proud to announce that our developer security platform has been recognized as a Leader in The Forrester Wave: Software Composition Analysis (SCA) Software, Q4 2024 report. In this evaluation, we were one of just three Leaders and were named a Customer Favorite.
Exploitation Walkthrough: ESC15/EKUwu with Justin Bollinger from TrustedSec
Justin Bollinger, Principal Security Consultant at TrustedSec, discussed his research and mitigation guidance on ADCS ESC15 (CVE-2024-49019), also known as EKUwu, a vulnerability in Microsoft's Active Directory Certificate Services.
OWASP Top 10 Vulnerabilities in 2021: How to Mitigate Them?
The OWASP Top 10 is a research-based document that raises awareness among developers, organizations, and security professionals on the most critical security risks facing web applications. The latest is the OWASP Top 10 vulnerabilities 2021, released in September 2021 after a 4-year gap. In this article, the OWASP Top 10 vulnerabilities 2021 are explained in detail, along with ways to mitigate each.
CVE-2024-8068 and CVE-2024-8069: Citrix Session Recording Vulnerability
Two Citrix vulnerabilities (CVE-2024-8068 and CVE-2024-8069) can potentially lead to unauthenticated remote code execution. Note: according to the vendor, privilege escalation to NetworkService Account access in Citrix Session Recording and limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording is possible when an attacker is an authenticated user in the same intranet.
Stored XSS Vulnerability in bodi0's Easy Cache Plugin
Product Name: bodi0’s Easy Cache Vulnerability: Stored XSS Vulnerable Version: Will be disclosed soon CVE: Will be disclosed soon On September 16, 2024, the team of pentesters at Astra Security found a stored Cross-Site Scripting or XSS in bodi0’s Easy Cache plugin. It is a plugin designed for WordPress that helps optimize the caching functionality, thus allowing enhanced page loading and reducing the server load.
Extending Developer Security with Dev-First Dynamic Testing
Today, we announced the exciting news that Snyk has acquired Probely, a fast-growing modern provider of API Security Testing and Dynamic Application Security Testing (DAST). With this addition, Snyk now offers a full range of development and application security solutions, with customers immediately benefiting from a broader range of developer friendly testing techniques.
How ASPM boosts visibility to manage application risk
How often are you surprised by a threat or vulnerability from a software asset you never knew existed? For many companies, the answer is, “More often than we’d like.” This is because you can’t protect what you can’t see. Full visibility across the entire software supply chain is a must for AppSec teams, but this comprehensive view across the attack surface can be elusive.
CVE-2024-50330: Ivanti Addresses Critical Severity RCE Vulnerability in Endpoint Manager
On October 12, 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE) by an unauthenticated attacker.