Wallarm Platform Demo: API Attack Perimeter Visibility
Learn about our CVE Exposure capabilities, which provides in-depth insight into vulnerabilities and attacks against your APIs, and how to remediate these issues.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Vulnerability
Wallarm Platform Demo: API Discovery & API Posture Management
Learn how to discover all the APIs in your portfolio, based on actual traffic instead relying on schemas, including internal and external-facing endpoints, so you can protect them against OWASP Top-10 threats like Injections and BOLA, ensure sensitive data are protected against unintentional or malicious disclosure, and much more.
OWASP Top 10: Injection
Listed as #3 on the OWASP Top 10 list, injection occurs when an attacker sends malicious data to an app to make it do something it’s not supposed to do. Check out the OWASP Top 10 video series.
Resolving CVE-2022-1471 with the SnakeYAML 2.0 Release
In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Finally, in February 2023, the SnakeYAML 2.0 release was pushed that resolves this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw.
This Week in VulnDB - The Big Fix Edition
Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.
Critical RCE Vulnerability in Multiple Cisco IP Phones: CVE-2023-20078
On Wednesday, March 1, 2023, Cisco published an advisory of a critical severity vulnerability impacting 6800, 7800, and 8800 series IP phones. The vulnerability allows for unauthenticated execution of arbitrary code. The vulnerability was responsibly disclosed to Cisco by a security researcher, and security patches are available to remediate the vulnerability.
OWASP Top 10 - Breakdown
This blog is a breakdown of the OWASP Top 10 application security risks. The Top 10, developed by OWASP (Open Web Application Security Project), provides an up-to-date list of the most critical web application security risks that websites and applications must address.
Snyk in 30: Developer-first security democast
In our latest Snyk in 30 democast, I demonstrated working on an app, starting in an IDE and going all the way to the live app deployed in the cloud. Along the way, I showed how Snyk fits into the tools a real developer might use. Specifically, I focused on the practical aspects of implementing Snyk in a real-world development and cloud environment, answering questions like: I’ll cover some of the main highlights from the presentation in this blog post.
OAuth security gaps at Booking.com (now remediated)
This short video explains how Salt Labs researchers identified several critical security flaws on the popular travel site Booking.com. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user such as booking or canceling reservations and ordering transportation services.
Stranger Danger: Your JavaScript Attack Surface Just Got Bigger
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.