%term

Account Takeover Vulnerability in Azure's API Management Developer Portal

Mar 8, 2023 By Tom Stacey In Outpost 24

How an Account Takeover vulnerability, discovered during a routine customer engagement, became a candidate for responsible disclosure, via the Microsoft Security Research Center Researcher Portal.

Read Post

Outpost 24

Read more about Account Takeover Vulnerability in Azure's API Management Developer Portal

Comparing Node.js web frameworks: Which is most secure?

Mar 8, 2023 By Vivek Maskara In Snyk

JavaScript is the world’s most popular programming language, providing many web frameworks that help developers build secure, reliable Node.js web applications. Each framework has unique features, and which framework is right for you depends on your preference and the type of application you intend to create. With so many frameworks available, you need a way to assess their security.

Read Post

Snyk

Read more about Comparing Node.js web frameworks: Which is most secure?

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Mar 8, 2023 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Proof-of-Concept Exploit Released for Critical Vulnerability in Microsoft Word (CVE-2023-21716)

Mar 8, 2023 By Adrian Korn In Arctic Wolf

On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. While CVE-2023-21716 was deemed to be of critical severity, Microsoft assessed at the time of publication that the vulnerability was “less likely” to be exploited, and no proof-of-concept exploit was available. Microsoft also noted that the vulnerability may be exploited through the Preview Pane in Microsoft Outlook.

Read Post

Arctic Wolf

Read more about Proof-of-Concept Exploit Released for Critical Vulnerability in Microsoft Word (CVE-2023-21716)

Microsoft Power Platform DLP Bypass Uncovered - Finding #3 - Custom Connectors

Mar 8, 2023 By Yuval Adler In Zenity

Hello everyone! I’m Yuval Adler, Customer Success Director at Zenity. I’m inviting you to read my blog series where I will share new Microsoft Power Platform DLP Bypass findings we uncovered.

Read Post

Zenity

Read more about Microsoft Power Platform DLP Bypass Uncovered - Finding #3 - Custom Connectors

Website Vulnerability Scanning Guide For Enterprises

Mar 7, 2023 By Nivedita James In Astra

Globally around 30,000 websites face a hack each day. Now multiply that by the days in a year and we have ourselves a whopping cause of concern.

Read Post

Astra

Read more about Website Vulnerability Scanning Guide For Enterprises

Snyk Workflows - Builds & Branching

Mar 7, 2023 By Snyk In Snyk

Snyk integrates with your IDEs, repos, workflows, and automation pipelines to add security expertise to your toolkit. The “menu” of options available to you is extensive, so we created this three-part series to get you started and running. What about when you need to compare different versions of code? This third session of the series covers the more advanced topic of builds and branching and more.

View Video

Snyk

Read more about Snyk Workflows - Builds & Branching

Mitigating path traversal vulns in Java with Snyk Code

Mar 6, 2023 By Brian Vermeer In Snyk

Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data.

Read Post

Snyk

Read more about Mitigating path traversal vulns in Java with Snyk Code

Wallarm Platform Demo: API Attack Perimeter Visibility

Mar 6, 2023 By Wallarm In Wallarm

Learn about our CVE Exposure capabilities, which provides in-depth insight into vulnerabilities and attacks against your APIs, and how to remediate these issues.

View Video

Wallarm

Read more about Wallarm Platform Demo: API Attack Perimeter Visibility

Wallarm Platform Demo: API Discovery & API Posture Management

Mar 6, 2023 By Wallarm In Wallarm

Learn how to discover all the APIs in your portfolio, based on actual traffic instead relying on schemas, including internal and external-facing endpoints, so you can protect them against OWASP Top-10 threats like Injections and BOLA, ensure sensitive data are protected against unintentional or malicious disclosure, and much more.

View Video