Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How to easily install & run OWASP ZAP tool in the Jit platform.

Welcome to Jit! In this video, we'll help you configure and run the ZAP tool in three easy steps. First, let's head to the "My Plan" page. Once in, we will scroll down to the "Web Application Security" section and press on the "Web App DAST" plan item. The "Item details" window will appear, and we can check the information. And once we are ready to configure ZAP, we will press the "Activate Security Control" button...

2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Featured Post

You Can't Win: Learning to Live with Security Pessimism

Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognise the absence of a breach? But this isn't a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.

Three Recent Examples of Why You Need to Know How Vulnerable Your Secrets Are

In today's digital landscape, the issue of compromised credentials has become a major concern. Discover how renowned companies like Microsoft, VMware, and Sourcegraph were recently confronted with the threat of secrets sprawl.

Office Hours: Insights - Focus on Top Risks

We recently announced Insights, a unique capability providing organizations with code to cloud application intelligence that enables development and security teams to manage their application security posture more effectively by identifying, prioritizing, and fixing those issues posing the greater risk. Watch: what Insights is, how to access Insights, and how to use Insights. Watch if you are interested in using Insights, have started, or work as an engineer, developer, or in DevOps.

Navigating Chaos: JFrog Security Essentials and Advanced Security

We examine fundamental shifts and changes to software development approaches and how we secure developers, the code they write, and the products they build. Learn how your development teams can prioritize critical Common Vulnerabilities and Exposures (CVE) remediation, maintain granular, centralized, and complete control of the development process, and maintain a single source of truth from code to device.

Security implications of cross-origin resource sharing (CORS) in Node.js

In modern web applications, cross-origin resource sharing (CORS) enables secure communication between applications hosted on different origins. Developers use CORS to access other applications’ services within their own. This approach eliminates the need to rewrite features from scratch, accelerating development time and improving the developer experience.

New Vulnerabilities in Apple Products Exploited in the Wild

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) affecting macOS, iOS, iPadOS, and watchOS products. These vulnerabilities can be exploited with a maliciously crafted attachment or image, leading to arbitrary code execution.

CVE-2023-20269: Cisco ASA/Firepower VPN Zero-Day Vulnerability Actively Exploited

On August 31, 2023, Arctic Wolf sent out a bulletin alerting customers to an ongoing brute force campaign targeting Cisco Adaptive Security Appliance (ASA). Subsequently, on September 6, 2023, Cisco published a security advisory warning of a zero-day vulnerability (CVE-2023-20269) in the remote access VPN feature of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.

How To Discover PII and Privacy Vulnerabilities in Structured Data Sources

In this video, we walk through the process of discovering personally identifiable information (PII) and identifying potential privacy vulnerabilities within structured data sources. First, you will connect Protecto to your data repository. Then, we will show you how to access the Privacy Risk Data within your data assets catalog, obtain information on active users, access privileges, data owners, and recommendations for dealing with privacy risks.