Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2024

bearer

Step-by-Step: Integrating SAST into Your Development Workflow

Jan 31, 2024 By Guillaume Montard In Bearer
When it comes to software development, prioritizing security is essential. Static Application Security Testing (SAST) plays a key role in this by thoroughly analyzing your source code to identify potential vulnerabilities. It's like having a constant code reviewer focused on security, ensuring that your application is protected from the earliest stages of development.
Read Post
alienvault

Bulletproofing the retail cloud with API security

Jan 31, 2024 By Devin Partida In AT&T Cybersecurity
Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability.
Read Post

Securing the Gateway - Mastering API Security in the Modern Web Landscape

Jan 31, 2024 By GitGuardian In GitGuardian
APIs are the backbone of modern web applications, yet we rarely assess security beyond the traditional WAFs and Gateways. In fact, in a recent scan of over 1.5k GraphQL endpoints revealed a staggering 46,000+ security issues and sensitive data leaks—all accessible without authentication, with 10% classified as critical. Due to API’s being widely used by developers, they have now become a favored attack vector for threat actors.
View Video
wallarm

Stopping Credential Stuffing Attacks: We Need to Do Better

Jan 31, 2024 By Wallarm In Wallarm
Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.
Read Post
wallarm

Server-Side Template Injection Vulnerability in Confluence Data Center and Server (CVE-2023-22527)

Jan 30, 2024 By Wallarm In Wallarm
On January 16 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server, identified as CVE-2023-22527. This issue found in older versions, poses a serious risk as it allows attackers without any authentication, to inject OGNL expressions. This means they could potentially run any code they want on the compromised system.
Read Post
wallarm

Introducing the Wallarm 2024 API ThreatStatsTM Report

Jan 29, 2024 By Wallarm In Wallarm
The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular updates, and the adoption of latest advanced security solutions.
Read Post
bearer

Introducing Bearer's Advanced GitLab Integration

Jan 24, 2024 By Guillaume Montard In Bearer
We are thrilled to announce the launch of Bearer's advanced GitLab integration! Building on the lessons learned from our successful GitHub App, this integration aims to revolutionize the GitLab experience for our customers, enhancing both the developer and security workflow.
Read Post
salt security

API Risk Management: A Strategic Approach to API Risk Reduction

Jan 18, 2024 By Nick Rago In Salt Security
Could you imagine our interstate highway system without roadway bridges? I don’t think anyone would argue that bridges are not an essential part of an effective ground transportation network. So it doesn’t surprise me that when I ask people what makes a highway bridge “good,” I get quick responses with pretty consistent answers: guardrails, proper lighting, clear signage, smooth driving surface, lane markings, load capacity, structural integrity, and so on.
Read Post
salt security

The Debut of the Industry-First API Security Posture Management Engine

Jan 17, 2024 By Michael Callahan In Salt Security
Today, we’re thrilled to share that Salt has launched extended capabilities to our powerful platform, adding yet another industry-first technical advancement to our trophy case! (full announcement here.) Since its founding, Salt’s been on a mission to create a platform that can detect, prioritize and solve the most complex API security challenges and risks.
Read Post
salt security

API Predictions for 2024

Jan 12, 2024 By Michael Nicosia In Salt Security
Is Salt Security a fortune teller? We’re not sure if we’d go as far as to say that, but we certainly have had our fair share of precognitive moments. In today’s virtual age where everyone is utilizing and relying on digital landscapes, people’s data is constantly being put online. As technology advances and more people go online, bad actors and cyber threats use vulnerabilities in Application Programming Interfaces (APIs) to get access to sensitive data.
Read Post
bearer

Empowering Security Champions with Modern Static Application Security Testing (SAST)

Jan 9, 2024 By Guillaume Montard In Bearer

Over the past two decades, as organizations have increasingly strived to integrate security into their development processes, the role of Security Champions has evolved from an informal position to one of strategic importance. They are now responsible for prioritizing security in their projects, leveraging powerful tools like Static Application Security Testing (SAST) to achieve this goal.

Read Post
wallarm

Addressing the Rising Threat of API Leaks

Jan 3, 2024 By Wallarm In Wallarm

In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address. The digital era has amplified these challenges, with APIs becoming central to the operational fabric of numerous enterprises.

Read Post

The Darkside of GraphQL

Jan 3, 2024 By Datadog In Datadog
GraphQL is a query language for APIs that provides a powerful and efficient way to query and manipulate data. As powerful and versatile as GraphQL is, its downside is that it can be vulnerable to certain security threats. In this presentation, we will discuss the security vulnerabilities associated with GraphQL, from the basics to more advanced threats, and how to best protect against them. After this presentation, attendees will have a better understanding of security vulnerabilities in GraphQL, as well as an understanding of the steps needed to protect against them.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.