
Latest Posts

Indusface Threat Coverage: MOVEit Transfer SQL Injection Vulnerabilities

Progress has recently raised concerns about multiple vulnerabilities in their MOVEit Transfer secure managed file transfer solution. These vulnerabilities have been publicly disclosed within the past several weeks, and the most recent one was reported on June 15, 2023. Notably, the latest vulnerability is claimed to be a zero-day SQL injection vulnerability. If exploited by an attacker, these vulnerabilities can lead to unauthorized access to the MOVEit Transfer database.

Android App Penetration Testing Checklist with 154 Test cases [Free Excel File]

With 2.9 million apps on the Play Store, Android is the most widely adopted mobile operating system. With its vast opportunities, Android also draws the attention of malicious hackers who continuously seek to exploit weaknesses in mobile applications. Because of security concerns, Google has banned many apps from the Play Store. Building a secure Android app requires thorough mobile application penetration testing.

Over 2 million Websites Vulnerable to XSS Exploit (CVE-2023-30777) in WordPress Plugin

A zero-day vulnerability, tracked as CVE-2023-30777, exposes a dangerous reflected cross-site scripting (XSS) flaw. This high-severity vulnerability was discovered in the WordPress plugins Advanced Custom Fields (ACF) and Advanced Custom Fields Pro. CVE-2023-30777 exposes over 2 million installations to security risks, triggering widespread concern among website owners and administrators.

API7:2019 Security Misconfiguration: The What, Sample Exploits, and Prevention Methods

Security misconfigurations are very common security risks, not just in web applications but also in APIs. They have consistently been part of the OWASP Top 10 Web Application Vulnerabilities. They were part of the original OWASP Top 10 API Security Risks published in 2019 and have now made it onto the updated 2023 list. Security misconfiguration keeps its 7th rank in the OWASP Top 10 API 2023 RC owing to its widespread prevalence, easy exploitability, and easy detectability.

What Is Cyber Security Audit and How Is It Helpful for Your Business?

When was the last time you performed your cybersecurity audit? An audit of complete cybersecurity management, not a simple scan. If it has been longer than you remember, then you are probably at risk of being a victim of cyberattacks. As the world becomes increasingly interconnected, the risk of cyberattacks escalates. To safeguard against these threats, it is essential to have a robust cybersecurity management system in place.

How Do Websites Get Hacked?

We witness a sharp surge in website security risks, as highlighted in the latest State of Application Security Report for Q1 2023. AppTrana WAAP blocked 1 billion attacks across 1400+ websites under its protection. Every website is at risk, regardless of whether it is a simple blog, a portfolio showcase, a small cupcake business, or a dynamic e-commerce platform. Why would someone hack my website? How do hackers check if my website is hackable? How do websites get hacked?

API Security: Authorization, Rate Limiting, and Twelve Ways to Protect APIs

41% of organizations suffered an API security incident, and a majority of those (63%) were data breaches. This is despite 90% of them having authentication policies in place, according to a survey by 451 Research. No surprises there, as authentication is just one piece of the API security puzzle. In this blog, we’ll cover the 12 methods that technology leaders need to incorporate to secure and protect APIs.

API5:2019 Broken Function Level Authorization: The What, Impact, Sample Exploit, and Prevention Methods

APIs are great for accessing specific functions and features, but what happens when they allow unauthorized access? Imagine a social media platform where users can share posts. To enable users to access posts, the platform provides an API that allows GET requests to retrieve posts by specifying the user ID and post ID: GET /api/v2.1/user/1438/posts?id=40. The API will return the post with ID 40 for user ID 1438. As these are public forums, any user can submit GET requests to access posts.

The Role of WAAP Platforms in the CI/CD Pipeline

Most SaaS engineering teams use a CI/CD pipeline for software development. Since a CI/CD approach enables faster, more collaborative, and more efficient development, leading to higher-quality software, it is no wonder that it is popular. More frequent release cycles, however, mean more opportunities for vulnerabilities to creep into the code. While DevOps teams are central to running a CI/CD pipeline, application security is gaining importance, so more engineering teams are adding DevSecOps teams.