Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

In over 600 data breaches, 40 million individuals were affected across the globe due to the MOVEit Transfer vulnerability. Between June 2023 and the present day, healthcare information, educational records, financial records, personal information, Social Security numbers, and insurance details have been either stolen or wiped out by threat actors who abused the MOVEit Transfer vulnerability.

Dell disclosed a Compellent vulnerability affecting VMware users. Let's take a closer look to learn to safeguard your data, prevent coding mishaps, and ensure online security.

Many organizations find it challenging to locate and fix the vulnerabilities in their containers. But the team at Okta knew that securing the containers that support Auth0 (their identity and access (management platform), was imperative. The team also knew these security processes had to be developer-friendly: making finding and fixing container vulnerabilities as simple as possible.

Repairing a weakness in your IT environment is always easier than dealing with the consequences of that weakness — like, say, a massive data breach — sometime later. This means your security team must be proficient at finding those weaknesses and assessing your IT environment’s vulnerabilities. Those vulnerabilities can include weak passwords, poor patch management, and lax security training.

Cross-Site Scripting (XSS) is a web security vulnerability that happens when cybercriminals inject client-side scripts into web pages accessible by other users. These scripts compromise the web page and allow cybercriminals to inject malicious scripts into a user’s browser, leading to the exposure of data, session hijacking or manipulation of the web page’s content and functionality.

Have you ever found yourself worrying about the safety of your data? In the contemporary digital-first world, where cyber threats only seem to be growing more sophisticated, such concerns hardly come as a surprise.

Developing quality software applications can be arduous, as many moving parts must come together to create a working solution. That’s why developers need all the help and convenience they can get, especially when securing their applications. Visual Studio Code (VS Code) is one of the most popular open source code editors for various reasons.

Containers bring new flexibility and agility to software development and deployment. However, they also introduce a new attack surface that malicious actors can exploit. A compromised container can give an attacker access to other containers and even the host system. Smaller images that contain fewer artifacts are already a great help in achieving a smaller attack surface.

CISA added CVE-2023-24489 to the Known Exploited Vulnerabilities Catalog in August 2023. CVE-2023-24489 is an access control vulnerability impacting the use of Citrix ShareFile StorageZones Controller version 5.11.24 and below. Citrix ShareFile is a real-time collaboration platform. While ShareFile primarily offers a cloud-based file-sharing application, there are some features that accommodate data storage through the use of a storage zone controller.