Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

API

Top 5 Data Breaches That Cost Millions

“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO of Apple Inc. The entire digital landscape has evolved into a behemoth of sorts as the number of online attacks targeting individuals, businesses, and governments has risen steadily.

GoTestWAF - Quick start with Docker and PDF report

GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, and others.
Featured Post

Utilities and Energy a Prime Target For API Security Incidents

As a critical element of national infrastructures worldwide, the energy and utilities sector literally keeps the lights on in today's world. When water, gas, or electricity is cut off from businesses and families, it can have catastrophic consequences. To improve resilience and guarantee service uptime, energy and utilities companies know that digitisation is key to transforming the services they deliver, but aging technology stacks, a lack of interoperability and collaboration, and poor security hygiene are all limiting progress.

Implementing the NIST Cybersecurity Framework (CSF) 2.0 with AI augmented API Security

The updated NIST Cybersecurity Framework (CSF) 2.0 was published February 26, 2024. Previously, this content was also known as the “Framework for Improving Critical Infrastructure Cybersecurity.” As stated in the framework: In summary, the updated NIST Cybersecurity Framework is organized into the following functional categories.

Test and evaluate your WAF before hackers

Since 1991, Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few technologies, such as NG-WAF, RASP, WAAP, and a few others, have internal WAF capabilities, which prevent web applications and API threats.

Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data

Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.

API Security: Providing A Common Thread Across Agency Environments

The deadline is approaching for U.S. government agencies to adhere to a Federal zero trust architecture (ZTA) strategy, as outlined in the 2022 Office of Budget Management (OMB) memorandum on Zero Trust cybersecurity principles. By the end of fiscal year 2024, agencies will be required to meet specific cybersecurity standards and objectives, according to the OMB memorandum (M-22-09).

Salt Security, API Posture Governance, and the NIST Cybersecurity Framework 2.0

Securing organizations against today’s most advanced threats continues to be challenging, with APIs (Application Programming Interfaces)playing an increasingly central and vulnerable role, especially as digital transformation marches on. The NIST Cybersecurity Framework 2.0 (CSF) release underscores the urgency of addressing evolving threats and now emphasizes the importance of governance in Cybersecurity.