Vulnerability

Preventing SQL injection attacks in Node.js

Feb 20, 2024 By Lucien Chemaly In Snyk

As reliance on software systems continues to grow, so does the emergence of numerous security threats. One notable threat for developers, especially those working with Node.js, is SQL injection. SQL injection is a malicious attack where nefarious SQL code is injected into a system, exposing sensitive information, corrupting or deleting data, and sometimes, granting unauthorized access to attackers.

Read Post

Snyk

Read more about Preventing SQL injection attacks in Node.js

Cross-site scripting attacks in action and how to protect against them

Feb 19, 2024 By Agon Hysenaj In Outpost 24

Cross-Site Scripting (XSS) attacks pose a significant security threat by infiltrating an application’s input fields with malicious code snippets. When users access the affected pages, this code is executed in their browsers, putting their sensitive information at risk. The malicious content injected into the web browser can take various forms, including JavaScript, HTML, Flash, or any other executable code.

Read Post

Outpost 24

Read more about Cross-site scripting attacks in action and how to protect against them

What is OWASP penetration testing?

Feb 16, 2024 By The Redscan Team In Redscan

OWASP pen testing is the assessment of web applications to identify vulnerabilities outlined in the OWASP Top Ten. An OWASP pen test is designed to identify, safely exploit and help address these vulnerabilities so that risks can be mitigated before they are exploited by adversaries.

Read Post

Redscan

Read more about What is OWASP penetration testing?

Bleeding Credit Unions Dry: The Story of Sloppy and Broken Operations

Feb 16, 2024 By CISO Global In CISO Global

How vulnerable are credit unions, the bedrock of community finance, to rapidly advancing cyber threats? Very. Join CISO Global's Chris Clements, Tigran Safari, James Montagne, and special guest Iwona Karpeta as they discuss recent attacks against credit unions, how they responded, and how their customers were impacted. Speakers: Chris Clements is the VP of Solutions Architecture for CISO Global. Chris has spent more than two decades working in the information security field and has a wide range of experience, including business management, sales, product, and service delivery.

View Video

CISO Global

Read more about Bleeding Credit Unions Dry: The Story of Sloppy and Broken Operations

Threat Context Monthly: Executive intelligence briefing for February 2024

Feb 16, 2024 By KrakenLabs In Outpost 24

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

Read Post

Outpost 24

Read more about Threat Context Monthly: Executive intelligence briefing for February 2024

Mitigate vulnerabilities from third-party libraries with Datadog Software Composition Analysis

Feb 15, 2024 By Mallory Mooney In Datadog

Mitigating application vulnerabilities throughout the software development life cycle (SDLC) is critical—and challenging, especially as applications rely more and more on third-party, open source software (OSS). With this type of architecture, teams often don’t know exactly where vulnerabilities exist in their code, which of those vulnerabilities are actively exposed in production services, and which vulnerabilities are more critical to address than others.

Read Post

Datadog

Read more about Mitigate vulnerabilities from third-party libraries with Datadog Software Composition Analysis

Snyk & ServiceNow

Feb 15, 2024 By Snyk In Snyk

Did you know that up to 90 percent of modern software uses open source software? Often SecOps, AppSec and IT teams don’t have a complete view of their application security risk across the organization. The Snyk and ServiceNow integration efficiently finds, prioritizes, and tracks vulnerabilities in open source dependencies to get a complete view of your application security posture and drive smarter, faster fixes in ServiceNow workflows.

View Video

Snyk

Read more about Snyk & ServiceNow

Beyond the noise: runtime-based vulnerability management for effective threat control

Feb 15, 2024 By Yossi Ben Naim In ARMO

In an ideal world, patching every vulnerability before attackers discover them would be a breeze. The reality of the evolving cloud-native landscape, with its ever-changing mix of cloud, DevOps, mobile, and critical infrastructure, paints a different picture. New risks emerge constantly, leaving traditional vulnerability management approaches struggling to keep up. Meanwhile, Security and DevOps teams face ongoing pressure to protect their organizations from vulnerabilities.

Read Post

ARMO

Read more about Beyond the noise: runtime-based vulnerability management for effective threat control

National Cyber Security Centre (NCSC) Vulnerability Management Guidance Checklist

Feb 15, 2024 By Kevin Swartz In Nucleus

As of February 12, 2024, the National Cyber Security Centre (NCSC) has released Version 2.0 of its vulnerability management guidance. This update provides organizations with the latest strategies and practices to identify, assess, and manage cybersecurity vulnerabilities effectively. The NCSC’s updated guidance on vulnerability management outlines the importance of proactively managing vulnerabilities to secure technical estates.

Read Post

Nucleus

Read more about National Cyber Security Centre (NCSC) Vulnerability Management Guidance Checklist

Cryptographic failures | OWASP TOP 10

Feb 15, 2024 By VISTA InfoSec In VISTA InfoSec

In this video, we'll delve into the world of cryptography and explore the ever-evolving landscape of cryptographic failures. We'll start by examining the shift in the OWASP Top 10 from "Sensitive Data Exposure" (A03:2017) to "Cryptographic Failures" (A02:2021), highlighting the growing importance of proper cryptographic implementation in securing sensitive data.

View Video