Vulnerability

Account Takeover Vulnerability in Azure's API Management Developer Portal

Mar 8, 2023 By Tom Stacey In Outpost 24

How an Account Takeover vulnerability, discovered during a routine customer engagement, became a candidate for responsible disclosure, via the Microsoft Security Research Center Researcher Portal.

Read Post

Outpost 24

Read more about Account Takeover Vulnerability in Azure's API Management Developer Portal

Website Vulnerability Scanning Guide For Enterprises

Mar 7, 2023 By Nivedita James In Astra

Globally around 30,000 websites face a hack each day. Now multiply that by the days in a year and we have ourselves a whopping cause of concern.

Read Post

Astra

Read more about Website Vulnerability Scanning Guide For Enterprises

Snyk Workflows - Builds & Branching

Mar 7, 2023 By Snyk In Snyk

Snyk integrates with your IDEs, repos, workflows, and automation pipelines to add security expertise to your toolkit. The “menu” of options available to you is extensive, so we created this three-part series to get you started and running. What about when you need to compare different versions of code? This third session of the series covers the more advanced topic of builds and branching and more.

View Video

Snyk

Read more about Snyk Workflows - Builds & Branching

Mitigating path traversal vulns in Java with Snyk Code

Mar 6, 2023 By Brian Vermeer In Snyk

Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data.

Read Post

Snyk

Read more about Mitigating path traversal vulns in Java with Snyk Code

Preparing for the Soon to be Updated OWASP API Security Top 10

Mar 6, 2023 By Filip Verloy In Noname Security

The Open Web Application Security Project (OWASP) is a global non-profit organization dedicated to improving the security of software. The OWASP foundation first released a list of the top 10 security risks faced by APIs in 2019. Although 4 years is an extremely long time when it comes to computing, the fact remains that most organizations are still in the process of putting better API security controls in place to protect against the 2019 Top 10.

Read Post

Noname Security

Read more about Preparing for the Soon to be Updated OWASP API Security Top 10

Wallarm Platform Demo: API Attack Perimeter Visibility

Mar 6, 2023 By Wallarm In Wallarm

Learn about our CVE Exposure capabilities, which provides in-depth insight into vulnerabilities and attacks against your APIs, and how to remediate these issues.

View Video

Wallarm

Read more about Wallarm Platform Demo: API Attack Perimeter Visibility

Wallarm Platform Demo: API Discovery & API Posture Management

Mar 6, 2023 By Wallarm In Wallarm

Learn how to discover all the APIs in your portfolio, based on actual traffic instead relying on schemas, including internal and external-facing endpoints, so you can protect them against OWASP Top-10 threats like Injections and BOLA, ensure sensitive data are protected against unintentional or malicious disclosure, and much more.

View Video

Wallarm

Read more about Wallarm Platform Demo: API Discovery & API Posture Management

OWASP Top 10: Injection

Mar 3, 2023 By Synopsys Cybersecurity Research Center In Synopsys

Listed as #3 on the OWASP Top 10 list, injection occurs when an attacker sends malicious data to an app to make it do something it’s not supposed to do. Check out the OWASP Top 10 video series.

Read Post

Synopsys

Read more about OWASP Top 10: Injection

Resolving CVE-2022-1471 with the SnakeYAML 2.0 Release

Mar 3, 2023 By Nova In Veracode

In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Finally, in February 2023, the SnakeYAML 2.0 release was pushed that resolves this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw.

Read Post

Veracode

Read more about Resolving CVE-2022-1471 with the SnakeYAML 2.0 Release

This Week in VulnDB - The Big Fix Edition

Mar 3, 2023 By Snyk In Snyk

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

View Video