Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Patching Vulnerabilities Within 24 hours

On average, vulnerabilities remain open for 180+ days from the time they are discovered. When it comes to business growth vs security, business always wins, which means vulnerabilities are not patched on time, allowing hackers to exploit them. However, most of these can be patched using virtual patching, within 24 hours and with ZERO impact to business continuity.

Vulnerabilities page updates: Major improvements to accelerate remediation

We know that most security teams today handle a backlog of thousands of vulnerabilities. We also know that not all of these vulnerabilities pose a significant risk to your organization, whether or not they have a high severity score or are present on a business-critical asset. We’ve spoken with dozens of security teams over the last few months and have learned that filtering vulnerabilities across several factors is critical to accelerating remediation.

API4:2019 - Lack of Resources & Rate Limiting: The What, Sample Exploit, and Prevention Methods

Lack of resources & rate limiting is #4 on the OWASP Top 10 API Security Risks 2019. It is a prevalent API security risk. As per OWASP, rate limiting and resource-related flaws in APIs are quite easy to exploit, especially with automated toolkits and for-hire services. But the exploitation of the lack of resources & rate limiting flaws has severe consequences for the organization. So, what exactly is this security risk, and how do you prevent it?

AWS top 10 misconfigurations and how to fix them: A cheat sheet

Amazon Web Services (AWS) remains the dominant cloud provider, with 40.8% of the market share. Many enterprises and organizations today have some, if not most, of their infrastructure on Amazon Web Services. AWS helps organizations accelerate their digital transformations and innovate faster, but there are common misconfigurations when moving to AWS.

New language-specific Snyk Top 10 for open source vulnerabilities

Developers use open source code because it facilitates fast development. In fact, the vast majority of code in modern applications is open source. But just like any other code, open source libraries are open to vulnerabilities that can negatively affect a wide range of end-user products. So with widespread usage of open source, it's important for teams to be aware of the risks that can be hidden in the libraries they use.

Examining OpenSSH Sandboxing and Privilege Separation - Attack Surface Analysis

The recent OpenSSH double-free vulnerability, CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms: Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest among those who were affected and those controlling servers that use OpenSSH.

Preventing XSS in Django

Cross-Site Scripting (XSS) is a type of vulnerability that involves manipulating user interaction with a web application to compromise a user's browser environment. These vulnerabilities can affect many web apps, including those built with modern frameworks such as Django. Since XSS attacks are so prevalent, it's essential to safeguard your applications against them. This guide discusses how XSS vulnerabilities originate in Django apps and what you can do to mitigate them.

Human Error Results in Leaked SF-86 Forms

The United States Department of Defense (DoD) discovered in February that one of its servers had been sharing U.S. military emails openly on the internet for over two weeks without anyone noticing. This vulnerability affected U.S. Special Operations Command and other DoD customers. Shockingly, plain-text email conversations were exposed and accessible to anyone who knew the IP address of the unsecured server.

Top Changes in the OWASP API Security Top 10 2023RC

The OWASP API project has recently decided to refresh the popular API Security Top 10 threat map. The team at Salt Security has always been actively involved in this project, having been a key contributor to the initial creation of the list. And we continue to be deeply involved in the thinking process, data gathering, and brainstorming in updating it. As of the writing of this post, the final version of API Security Top 10 2023 has not been officially released.