%term

What Are Parameter Tampering Attacks?

Mar 8, 2023 By Katrina Thompson In Tripwire

APIs will continue to drive business and accelerate digital transformation this year to the extent that nearly no other technology can; according to the 19th Developer Economics survey by Slashdata, almost 90% of all developers use APIs. This makes them a target for attackers who aren’t afraid to engage in any tactic, especially tried-and-true methods like parameter tampering attacks - malicious API attack traffic surged 117% from 2021 to 2022.

Read Post

Tripwire

Read more about What Are Parameter Tampering Attacks?

Webinar - Secure your IaC, infastrucutre as code best practices for security

Mar 8, 2023 By GitGuardian In GitGuardian

The cloud revolution has taken the world, and programming languages, by storm! In 2022, HCL, the HashiCorp Configuration Language, driven by the popularity of Terraform and Infrastructure-as-Code practices, became the #1 fastest-growing language on GitHub! Who would’ve expected that ten years ago?!

View Video

GitGuardian

Read more about Webinar - Secure your IaC, infastrucutre as code best practices for security

Unlock 1Password with Okta

Mar 8, 2023 By 1Password In 1Password

Unlock with Okta is now available for all 1Password Business customers, with Azure and Duo support coming soon. It’s SSO built the Password way: with careful consideration for your privacy and security. And setup is simple for both admins and team members.

View Video

1Password

Read more about Unlock 1Password with Okta

How Protecting Your APIs Protects Your Bottom Line

Mar 8, 2023 By Salt Security In Salt Security

Several big-name API breaches have been in the news over the past few years, but API attacks happen every single day and typically don't make the headlines. Securing your APIs is no longer a luxury, but it’s also not just a burden. This short video shares how protecting your APIs opens the door to real business value.

View Video

Salt Security

API
Security

Read more about How Protecting Your APIs Protects Your Bottom Line

Android apps in the PlayStore are leaking their credentials and secrets

Mar 8, 2023 By GitGuardian In GitGuardian

How many android applications on the play store are leaking their credentials and secrets! The answer comes from independent research conducted by Cybernews which shows nearly half of all applications on the Play Store are leaking secrets. Vincentas Baubonis, a security researcher from CyberNews joined GitGuardian on a Webinar to detail some research they conducted exploring how android applications are leaking secrets.

View Video

GitGuardian

Read more about Android apps in the PlayStore are leaking their credentials and secrets

Getting started: Unlock 1Password with Okta

Mar 8, 2023 By 1Password In 1Password

Unlock with Okta is now available for all 1Password Business customers, with Azure and Duo support coming soon. It’s SSO built the Password way: with careful consideration for your privacy and security. And setup is simple for both admins and team members.

View Video

1Password

Read more about Getting started: Unlock 1Password with Okta

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Mar 8, 2023 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Getting Rid of Shared Secrets: The Major Design Flaw of All CI Systems

Mar 8, 2023 By Noah Stride In Teleport

If you’re a developer, devops or security engineer whose continuous integration (CI) systems rely on shared secrets for access management, you probably know firsthand the security risks that shared secrets present.

Read Post

Teleport

Read more about Getting Rid of Shared Secrets: The Major Design Flaw of All CI Systems

Proof-of-Concept Exploit Released for Critical Vulnerability in Microsoft Word (CVE-2023-21716)

Mar 8, 2023 By Adrian Korn In Arctic Wolf

On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. While CVE-2023-21716 was deemed to be of critical severity, Microsoft assessed at the time of publication that the vulnerability was “less likely” to be exploited, and no proof-of-concept exploit was available. Microsoft also noted that the vulnerability may be exploited through the Preview Pane in Microsoft Outlook.

Read Post

Arctic Wolf

Read more about Proof-of-Concept Exploit Released for Critical Vulnerability in Microsoft Word (CVE-2023-21716)

Account Takeover Vulnerability in Azure's API Management Developer Portal

Mar 8, 2023 By Tom Stacey In Outpost 24

How an Account Takeover vulnerability, discovered during a routine customer engagement, became a candidate for responsible disclosure, via the Microsoft Security Research Center Researcher Portal.

Read Post