Intel’s Trust Authority is a new service that provides remote verification of the trustworthiness of a compute asset, based on attestation (cryptographic verification) and policy (a legitimate workload). This is a significant development for confidential computing, as it provides a way for organizations to independently verify the security of their workloads. Noname Security is excited to be a partner in the Intel Trust Authority program.
API flaws can cause several problems that can have negative consequences in production. These issues range from security vulnerabilities to poor performance and functionality errors. But most importantly, API flaws can lead to data breaches, system downtime, and damage to your company’s reputation. Therefore, it’s essential to thoroughly test and monitor APIs to detect and fix any flaws before they cause significant harm.
Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to v2.0, and how it applies to API security. Raj and Tim really dug deep into a lot of issues, and answered a lot of questions from the audience.
Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.
A comprehensive new study by researchers at RWTH Aachen University in Germany examined over 300,000 Docker images and found that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.