
Securing the Gateway - Mastering API Security in the Modern Web Landscape

APIs are the backbone of modern web applications, yet we rarely assess their security beyond the traditional WAFs and gateways. In fact, a recent scan of over 1.5k GraphQL endpoints revealed a staggering 46,000+ security issues and sensitive data leaks, all accessible without authentication, with 10% classified as critical. Because APIs are so widely used by developers, they have become a favored attack vector for threat actors.

Stopping Credential Stuffing Attacks: We Need to Do Better

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! Credential stuffing is an attack type that has gained prominence in recent years. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigating this type of attack, and examine their weaknesses. Additionally, we'll share our insights on what needs to be.

Server-Side Template Injection Vulnerability in Confluence Data Center and Server (CVE-2023-22527)

On January 16, 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server, identified as CVE-2023-22527. This issue, found in older versions, poses a serious risk because it allows unauthenticated attackers to inject OGNL expressions. This means they could potentially run any code they want on the compromised system.

Introducing the Wallarm 2024 API ThreatStats™ Report

The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API and application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular updates, and the adoption of the latest advanced security solutions.

Introducing Bearer's Advanced GitLab Integration

We are thrilled to announce the launch of Bearer's advanced GitLab integration! Building on the lessons learned from our successful GitHub App, this integration aims to revolutionize the GitLab experience for our customers, enhancing both the developer and security workflow.

What is a Product Security Incident Response Team (PSIRT) - Importance and Best Practices

PSIRT stands for Product Security Incident Response Team. It’s a team within an organization that handles and responds to security incidents related to its products or services. The main purpose of a PSIRT is to identify, assess, prioritize, and respond to vulnerabilities or threats that may impact the security of the organization’s offerings.

2024 Cybersecurity Predictions: The Continued Rise of AI and Regulation

The last 12 months have been seismic for cybersecurity, with successful hacks and breaches continuing to make front-page news. The task of keeping networks and data safe is an ever-evolving one, with hackers and cybersecurity professionals in a constant state of cat-and-mouse as they try to outsmart one another. Events of the past year, including the widespread adoption of, and interest in, AI, as well as new geopolitical challenges, have had a profound impact. They provide some clues as to what 2024 might hold.

API Risk Management: A Strategic Approach to API Risk Reduction

Could you imagine our interstate highway system without roadway bridges? I don’t think anyone would argue that bridges are not an essential part of an effective ground transportation network. So it doesn’t surprise me that when I ask people what makes a highway bridge “good,” I get quick responses with pretty consistent answers: guardrails, proper lighting, clear signage, smooth driving surface, lane markings, load capacity, structural integrity, and so on.

The Debut of the Industry-First API Security Posture Management Engine

Today, we’re thrilled to share that Salt has launched extended capabilities to our powerful platform, adding yet another industry-first technical advancement to our trophy case (full announcement here). Since its founding, Salt has been on a mission to create a platform that can detect, prioritize, and solve the most complex API security challenges and risks.

What is Identity and Access Management (IAM) - Definition and Importance

Identity and Access Management (IAM) provides a critical, foundational element of cybersecurity: tracking who users are and what each user is entitled to do in a digital environment. People tend to think of IAM as a solution, but it’s actually a framework that serves as the basis for solutions, along with a range of work processes.