Chat Generative Pre-trained Transformer (ChatGPT) is now available on the official Google Chrome store as a browser extension, giving you easy access to this sophisticated chatbot. How exciting does that sound? Read the full story here.

I recently had the pleasure of joining Marina Novikova, partner solutions architect from AWS in a webinar to discuss the key principles for building modern application security programs. We explored the big issues facing AppSec today, and why many companies are taking a new approach. As the world becomes increasingly application-driven, security can no longer be simply a box-ticking exercise for compliance purposes. It must do much more to ensure that software is delivered safely.

Penetration testing is, perhaps, the most effective method to make your web and mobile app more resilient to attacks. No wonder penetration testing is expected to become a $4.5 billion industry by 2025. While penetration testing is powerful, finding the right Pentester can be tiring. And if you end up hiring the wrong individual/company, you might risk your app's security even further. However, we got you covered.

According to the Open Web Application Security Project (OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern application programming interfaces (APIs). It can be exciting to pursue innovations in the API area, but while doing so, programmers must ensure that they are adequately attentive to security concerns and that they develop protocols that can address such concerns.

The recent OpenSSH double-free vulnerability – CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms – Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest for those who were affected and those controlling servers that use OpenSSH.