Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2023

Secure cloud-native apps and APIs at the speed your business demands

The cloud-native development model entered the mainstream in recent years, with technologies such as microservices and serverless computing, containers, APIs, and infrastructure-as-code (IaC) at the forefront of this trend. Thanks to these emerging technologies, organizations can build and run their apps fast, in a distributed manner, and without reliance on physical hardware infrastructures.

Harnessing the Magic of API: Turbocharging Business Automation

In the bustling metropolis of the modern digital realm, there's a quiet revolution taking place. Businesses, from local startups to multinational corporations, are embracing an unseen hero that propels them to new heights: the Latenode API. But what is this mysterious force, and why is it setting the business world alight?

Announcing beta support for PHP, alpha for Go and Python

PHP holds the bar as one of the most popular and sought-after technologies for web development. As W3Techs shows, PHP code is running on 76.8% of all websites around the globe. We are very excited to announce that the latest version of Bearer now supports PHP in Beta, with more than 50 rules already available, providing a good level of security risks and vulnerabilities coverage. For the PHP support in this release, we have included a strong focus on the popular Symfony framework.

The growth of APIs attracts Cybercrime: How to prepare against cyber attacks

Application Programming Interfaces (APIs) have profoundly transformed the internet's fabric. In the pre-API era, digital interactions were limited by siloed systems functioning in isolation. APIs dismantled these barriers by introducing a universal language that diverse applications could comprehend. This linguistic bridge facilitated an unprecedented level of interconnectivity between software entities.

Oh-Auth - Abusing OAuth to take over millions of accounts

OAuth (Open Authorization) is one of the fastest adopted technologies in the AppSec domain. From its first introduction in 2006, as an attempt to introduce a standard authorization protocol, it has become one of the most popular protocols for both user authorization and authentication, and it’s being used by almost every major web service and website today. One of the reasons for its huge popularity is its ease of implementation.

OAuth security gaps at Grammarly (now remediated)

This short video explains how Salt Labs researchers identified several critical security flaws on the popular site - Grammarly. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user. All issues were reported to Grammarly and have been resolved with no evidence of these flaws being actively exploited in the wild. In the research, they also found similar vulnerabilities in Vidio.com and Bukalapak.com.

Elevating Enterprise API Security with Wallarm for MuleSoft Anypoint Platform

In an age characterized by digital transformation, APIs serve as the backbone of modern applications, enabling diverse systems to communicate and share data seamlessly. This widespread API adoption, however, exposes organizations to a considerable attack surface, inviting the attention of cyber adversaries searching for vulnerabilities to exploit.

2023 OWASP Top-10 Series: Wrap Up

Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude this series, it's time to summarize and offer some practical guidance for security practitioners looking to bolster API security in their organizations.

The Latest Trends in API Security: The 2023 OWASP API Security Top Ten

The Open Web Application Security Project (OWASP) has published the latest edition of its API Security Top Ten, which was first published in 2019. The Top Ten is a significant daughter list of the OWASP Top Ten, which is one of the most definitive lists of the most severe web application risks. Why is this important? What are its main findings? And what does this mean for application security?

Bearer Demo | Developer-first SAST Solution | 1-Minute Overview

Discover Bearer in just 60 seconds! Dive into the future of code security with our developer-first SAST solution. Bearer seamlessly integrates with your CI/CD pipeline, ensuring fast, accurate, and super-charged privacy scans for your codebase. Experience the revolutionized potential of SAST that truly understands your security needs. Get ready to redefine what code security can do for you!

2023 OWASP Top-10 Series: Spotlight on Injection

Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might have missed, click here. This post will put a spotlight on Injection, which used to be its own category (OWASP API8:2019) but has now been subsumed into OWASP API10:2023 (Unsafe Consumption of APIs).

Gartner predicted APIs would be the #1 attack vector - Two years later, is it true?

Over the last few years, APIs have rapidly become a core strategic element for businesses that want to scale and succeed within their industries. In fact, according to recent research, 97% of enterprise leaders believe that successfully executing an API strategy is essential to ensuring their organization’s growth and revenue.

NSA & CISA joint advisory for Web Application Access Control Abuse

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about Insecure Direct Object Reference (IDOR) vulnerabilities.