Technology

Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools

Nov 15, 2024 By Mackenzie Jackson In Aikido

When deciding what approach to use for security tooling, it seems like there are two choices. Like everything in security, there is more to unpack in reality. In this article I want to explore when open-source security tools should be used, when commercial tools are more effective, and if we can trust tools built from an open-source core.

Read Post

Aikido

Read more about Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools

Best practices for creating least-privilege AWS IAM policies

Nov 15, 2024 By Christine Le In Datadog

AWS Identity and Access Management (IAM) enables organizations to set up permissions policies for users and workloads that need access to cloud services and resources. But as your cloud environment scales, it can be challenging to create and audit IAM policies that work effectively without compromising security.

Read Post

Datadog

Read more about Best practices for creating least-privilege AWS IAM policies

Unlocking MSP Success: The Power of AI and Trusted Partnerships

Nov 15, 2024 By Tracy Hillstrom In WatchGuard

The cybersecurity landscape has evolved dramatically, placing IT managers under pressure to adapt. A 168% rise in evasive malware detected by WatchGuard in Q2 2024 underscores this shift, with threat actors following behavioral patterns and adopting attack techniques that become popular and dominate in waves.

Read Post

WatchGuard

Read more about Unlocking MSP Success: The Power of AI and Trusted Partnerships

Top 7 DAST Tools for Mobile Apps in 2025

Nov 15, 2024 By Rucha Wele In Appknox

A dynamic analysis tool for mobile apps is platform and language-agnostic, so you can use the same DAST tools for most applications. As they attack the application externally, they detect configuration issues that other application security testing tools may miss.

Read Post

Appknox

Read more about Top 7 DAST Tools for Mobile Apps in 2025

DXF Files for Metal Plasma Cutting

Nov 15, 2024 By SecuritySenses In SecuritySenses

Plasma cutting is an incredibly efficient technique for precisely shaping metal, making it a staple in industries ranging from automotive manufacturing to artistic fabrication. The process uses a plasma torch to cut through conductive metals such as steel, aluminum and copper with remarkable accuracy. A key component of modern plasma cutting is the DXF (Drawing Exchange Format) file, which serves as a detailed digital guide for the cutting equipment. In this article, we will look at how DXF files are used in metal plasma cutting, why they are so effective, and the key factors to consider when using DXF files for metal.

Read Post

SecuritySenses

Read more about DXF Files for Metal Plasma Cutting

Step 2. How to automatically generate fuzz tests with LLMs

Nov 14, 2024 By Code Intelligence In Code Intelligence

Creating high-quality fuzz tests is essential for efficient fuzz testing. However, crafting these tests is a time-consuming, manual process, which has become a major barrier to the widespread adoption of fuzz testing. Watch the video to see how CI Fuzz can automatically generate high-quality fuzz tests by leveraging LLMs and static analysis.

View Video

Code Intelligence

Read more about Step 2. How to automatically generate fuzz tests with LLMs

AI Governance and Global Cyber Resilience

Nov 14, 2024 By Rubrik In Rubrik

In this episode of CISO Conversations: EU Data Regulations, Richard Cassidy, EMEA Field CISO at Rubrik, is joined by Anu Bradford, Professor of Law at Columbia Law School, and Bronwyn Boyle, Chief Information Security Officer at PPRO. They discuss the importance of resilience and regulatory compliance as critical factors for organizations to manage their cyber threats and bolster cyber defense.

View Video

Rubrik

Read more about AI Governance and Global Cyber Resilience

Founder's Corner: Episode 3

Nov 14, 2024 By Salt Security In Salt Security

Welcome to Episode Three of Salt Security’s Podcast Series: Founder’s Corner Salt’s CEO and Co-founder, Roey Eliyahu, talks with Salt’s CMO, Michael Callahan, about the first step of the customer journey in API Security: Discovery (also known as the crawl stage). They dive into topics around Discovery (as well as Salt’s phases of Discovery), Data Security, Shadow and Zombie APIs, GenAI, and how Salt is utilizing AI.

View Video

Salt Security

API
Security

Read more about Founder's Corner: Episode 3

Dell's API Security Failure: How 49 Million Records Were Exposed #dell #DataBreach #dataleaks

Nov 14, 2024 By Wallarm In Wallarm

In this video, we examine two significant API security failures, each with devastating consequences. The first breach used a simple trial-and-error method, exploiting broken access control to impact 10 million users. In the Dell example, API abuse exploited a lack of validation and rate limiting, allowing an attacker, posing as a partner, to scrape 49 million records over several weeks. These cases highlight the importance of robust API security practices, especially for business processes and access control. Watch to learn key takeaways on protecting APIs from similar attacks.

View Video

Wallarm

API
Security

Read more about Dell's API Security Failure: How 49 Million Records Were Exposed #dell #DataBreach #dataleaks

Best practices for monitoring LLM prompt injection attacks to protect sensitive data

Nov 14, 2024 By Thomas Sobolik In Datadog

As developers increasingly adopt chain-based and agentic LLM application architectures, the threat of critical sensitive data exposures grows. LLMs are often highly privileged within their applications and related infrastructure, with access to critical data and resources, making them an alluring target for exploitation at the client side by attackers. In particular, LLM applications can be compromised to expose sensitive data via prompt injection attacks.

Read Post