Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SQL injection is one of the most dangerous vulnerabilities for online applications. It occurs when a user adds untrusted data to a database query. For instance, when filling in a web form. If SQL injection is possible, smart attackers can create user input to steal valuable data, bypass authentication, or corrupt the records in your database. There are different types of SQL injection attacks, but in general, they all have a similar cause.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Wow, pretty much everything out in the clear. Oh boy.

Digital risks are an inevitable by-product of an expanding ecosystem, and an expanding ecosystem is essential to societies' progression into the fourth industrial revolution. This unsettling conundrum has given rise to a novel field of cybersecurity known as Digital RIsk Protection (DRP). But like all novel solutions, it can be difficult to identify the capable minority from the majority still finding their feet.

Digital risk protection (DRP) is the practice of protecting organizations from cyber threats during digital transformation. Rather than reacting to cyber threats after they're discovered, cybersecurity strategies must shift to a proactive approach to protection. This is the key to supporting ecosystem expansion while mitigating risk.

If you haven’t been living under a rock for the past few weeks, you've probably come across the recent Microsoft Exchange Server vulnerabilities and its associated exploits.Stop!!! The first thing you should do is to go and patch any Exchange servers you may be running, then you can come back and finish reading this blog. Microsoft's blog provides links to various tools to help in this regard.

What is a strategy? As defined by Merriam Webster…. ‘a carefully developed plan or method for achieving a goal or the skill in developing and undertaking such a plan or method.’ A cybersecurity strategy is extremely important, but many organizations lack a strategy, or they have not kept their strategy and subsequent roadmap current. A strategy is especially important in this day of digital transformation and for key initiatives like Zero Trust.

The financial industry’s digital transformation is highly reliant on applications, just like the rest of the software development ecosystem. This requires everyone involved to invest in application security management as part of the effort to protect their data and systems.

As part of Styra’s vision for unified authorization, we founded the Open Policy Agent project (OPA) to make policy-based control of the cloud-native stack accessible to everyone. OPA has now grown to become the de facto standard for authorization across the stack, leading to a large part of the community looking for ways to manage the OPA policy-as-code lifecycle.

When deploying applications in containers, developers are now having to take on responsibilities related to operating system level security concerns. Often, these are unfamiliar topics that, in many cases, had previously been handled by operations and security teams. While this new domain can seem daunting there are various tools and practices that you can incorporate into your workflow to make sure you’re catching and fixing any issues before they get into production.