Takeaways from OWASP Global AppSec SF 2024, covering security tools, AI risks, and strategies for improving application security while empowering developers.

Most modern applications contain a substantial number of open source packages, libraries, and frameworks. In fact, it's estimated that at least 80% of the source code in modern applications is from open source. In addition to relying heavily on commodity components to build applications, development teams often deploy these apps and services via community-sourced container base images.

There’s no way around it: vulnerability management is complex. As organizations become more reliant on software and applications, the sheer volume of known vulnerabilities has become more difficult to track, prioritize, and remediate. Adversaries have also become increasingly reliant on exploiting vulnerabilities in order to compromise organizations.

Unfortunately, once your information has been put on the dark web, you cannot remove it. Despite this, you can still protect your personal information and identity by changing your passwords, enabling Multi-Factor Authentication (MFA) and monitoring your online accounts for suspicious activity. Continue reading to learn how to tell if your information is on the dark web and what you can do to protect yourself if it is.

MSSPs have huge potential for growth as more and more companies turn to experts to outsource their cybersecurity. Tailwinds such as escalating cyber threats, the need to protect more customer data than ever before, and growing compliance requirements are driving the managed security services market’s growth at a compound annual growth rate of 15.4% from 2023 to 2030.

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.

APIs are crucial in our digital world, but they also introduce new vulnerabilities. Attackers often exploit these vulnerabilities by concealing malicious payloads within encrypted traffic, rendering them undetectable to traditional security tools. As we observe Cybersecurity Awareness Month, it's important to emphasize the significance of advanced solutions that can detect hidden threats.

The rise of cloud-based software applications has changed the way many companies operate. Leveraging SaaS platforms allows organizations to streamline their workflows and better accommodate remote and hybrid workforces. However, spreading your data throughout the cloud can leave it vulnerable — unless you have strong SaaS security practices in place.

Yubico has published a survey of 20,000 people from 10 countries around the world, finding that 40% of respondents have never received cybersecurity training from their employer. Additionally, 70% of respondents said they’ve been exposed to cyber attacks in their personal lives within the past 12 months, and 50% faced cyber attacks at work.