SOC 2 Compliance for SaaS Startups & Top Pitfalls to Avoid
In this episode of SaaSTrana, Venky and Raghu, Co-Founder of Sprinto, discusses why SaaS companies should pay close attention to security measures to become SOC 2 compliant.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Indusface
Patching Vulnerabilities Within 24 hours
The average time of vulnerabilities remain open is 180+ days from the time it is discovered. When it comes to business growth vs security, business always wins, which means vulnerabilities are not patched on time allowing hackers to exploit them. However, most of these can be patched using Virtual patching. That too within 24 hours and ZERO impact to business continuity.
API4:2019 - Lack of Resources & Rate Limiting: The What, Sample Exploit, and Prevention Methods
Lack of resources & rate limiting is #4 on the OWASP Top 10 API Security Risks 2019. It is a prevalent API security risk. As per OWASP, rate limiting and resource-related flaws in APIs are quite easy to exploit, especially with automated toolkits and for-hire services. But the exploitation of the lack of resources & rate limiting flaws has severe consequences for the organization. So, what exactly is this security risk, and how do you prevent it?
API2:2019 Broken User Authentication: The What, Impact, Sample Exploit, and Prevention Methods
API2:2019 Broken User Authentication happens when an attacker bypasses an API’s authentication and authorization mechanisms and gains access to sensitive data or functionality that should only be available to authorized users.
The Explosion of APIs and Nuances of API Security | Kashi (Co-founder & CTO, Fitbots)
Here are some highlights of the conversation between Kashi (Co-founder & CTO, Fitbots OKRs) & Venky (Founder & CMO, Indusface). They discuss how the API adoption growth will lead to an exponential increase in API security needs. Adopting multiple business services & securely integrating with them will be the future for running a sustainable long-term business. They cover a bunch of other aspects in the SaaSTrana Podcast, like: - API security with dynamic endpoints
Dynamic Endpoints for API security | Kashi (Co-Founder & CTO Fitbots)
Here are some highlights of the conversation between Kashi (Co-founder & CTO, Fitbots OKRs) & Venky (Founder & CMO, Indusface). They discuss various methods of data protection and utilizing dynamic endpoints for API security.
A Sub-Domain Takeover Story, Two Questions for Every WAF Provider | Sunil Agrawal (CISO, Glean)
Overview: In this podcast, we have Sunil Agrawal (CISO, Glean), who has 22+ years of cybersecurity experience and 35+ patents in his name. He has worked in organizations like Adobe, Netflix, Motorola, Qualcomm, etc., and has seen the evolution of cybersecurity attacks and changes in hacker behavior over the years. He shares his experience of a sub-domain takeover and how it led him to build foundationally secured SaaS products.
19 Cybersecurity Trends Every CISO Must Prepare for in 2023
We saw numerous cybersecurity breaches in 2022. The attacks became more sophisticated, the bots got sneakier, and the cost of breaches multiplied. Yet, enterprises were underprepared to deal with the well-known threats. With the rise of new technologies and the increased adoption of remote work, cybercriminals have quickly adapted their tactics. They are now targeting businesses in ways never seen before.
What is XML External Entity, How to Find XXE Vulnerabilities and Patch Them
An XXE vulnerability is a security vulnerability that allows attackers to access sensitive data or execute malicious code in a web application. This happens when the application accepts XML input from an untrusted source and doesn’t properly validate it. An attacker can exploit this vulnerability by crafting a special XML input that includes a reference to an external resource (like a file or URL) that they control.
10 API Security Tips you must know
Cloud services have made the world a highly interconnected ecosystem. Enterprises leverage services (virtual and physical) provided by other enterprises rather than build them from scratch, creating a web of connected devices, applications, and users. An API is one such service. About Indusface: Indusface is a SaaS company that secures critical Web applications of 5000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine.