%term

Top Changes in the OWASP API Security Top 10 2023RC

Mar 12, 2023 By Yaniv Balmas In Salt Security

The OWASP API project has recently decided to refresh the popular API Security Top 10 threat map. The team at Salt Security has always been actively involved in this project, having been a key contributor to the initial creation of the list. And we continue to be deeply involved in the thinking process, data gathering, and brainstorming in updating it. As of the writing of this post, the final version of API Security Top 10 2023 has not been officially released.

Read Post

Salt Security

Read more about Top Changes in the OWASP API Security Top 10 2023RC

Top 11 Vulnerability Assessment Companies You Need To Know

Mar 10, 2023 By Nivedita James In Astra

The process of detecting, analyzing, and prioritizing vulnerabilities found through vulnerability assessments is an essential part of maintaining cyber security. Cyber security assessment services that provide vulnerability assessments are highly sought after with the increasing number of threats in the cyber world.

Read Post

Astra

Read more about Top 11 Vulnerability Assessment Companies You Need To Know

This Week in VulnDB - The Big Fix Edition

Mar 10, 2023 By Snyk In Snyk

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

View Video

Snyk

Read more about This Week in VulnDB - The Big Fix Edition

The Problem with the U.S. Power Grid: It's too Vulnerable to Attacks

Mar 10, 2023 By Tripwire Guest Authors In Tripwire

Reliable electricity is essential to the convenience of modern life, and also functions as a crucial contribution to America’s economy and level of comfort. Yet citizens take it for granted, rarely thinking about it much.

Read Post

Tripwire

Read more about The Problem with the U.S. Power Grid: It's too Vulnerable to Attacks

Critical RCE Vulnerability in FortiOS & FortiProxy (CVE-2023-25610)

Mar 10, 2023 By Adrian Korn In Arctic Wolf

On Tuesday, March 7, 2023, Fortinet published a security advisory detailing an unauthenticated remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-25610). The vulnerability was internally discovered by Fortinet, and exploitation has not been observed in the wild at this time. A proof of concept (PoC) exploit has not been published publicly for this vulnerability at this time.

Read Post

Arctic Wolf

Read more about Critical RCE Vulnerability in FortiOS & FortiProxy (CVE-2023-25610)

Five key takeaways from Outpost24's Cyber Resilience Day

Mar 9, 2023 By Outpost 24 In Outpost 24

True to its theme ‘Cyber Resilience’, our recent cyber security gathering was able to dissect the fast-moving threat landscape with insights and information nuggets from a panel of security experts and practitioners on the shortcomings and the need for better use of threat intelligence. Here are five takeaways from the Cyber Resilience Day in Breda co-hosted with our customer CM.com and a panel of cybersecurity experts.

Read Post

Outpost 24

Read more about Five key takeaways from Outpost24's Cyber Resilience Day

CISO playbook: 3 things to consider when establishing a security culture

Mar 9, 2023 By Simon Maple In Snyk

Establishing a thriving security culture across your organization will rely heavily on your developer teams. Therefore, engaging with developers early and often while you build your security program is vital. In this playbook for Chief Information Security Officers (CISOs), we explore how to build a security culture across your organization by considering the following three things.

Read Post

Snyk

Read more about CISO playbook: 3 things to consider when establishing a security culture

Cultivating Developer Adoption

Mar 9, 2023 By Snyk In Snyk

Many organizations are encouraging their developer teams to adopt a security mindset and take more ownership on security issues earlier in the development process. But how can that actually be achieved effectively and what a successful program looks like in practice? In this recording, we’ll discuss some of the program lessons we’ve learnt from many enterprises that are going through this process and investigate different methodologies for implementing DevSecOps and will share what are best practices to follow and common pitfalls to avoid.

View Video

Snyk

Read more about Cultivating Developer Adoption

Account Takeover Vulnerability in Azure's API Management Developer Portal

Mar 8, 2023 By Tom Stacey In Outpost 24

How an Account Takeover vulnerability, discovered during a routine customer engagement, became a candidate for responsible disclosure, via the Microsoft Security Research Center Researcher Portal.

Read Post

Outpost 24

Read more about Account Takeover Vulnerability in Azure's API Management Developer Portal

Comparing Node.js web frameworks: Which is most secure?

Mar 8, 2023 By Vivek Maskara In Snyk

JavaScript is the world’s most popular programming language, providing many web frameworks that help developers build secure, reliable Node.js web applications. Each framework has unique features, and which framework is right for you depends on your preference and the type of application you intend to create. With so many frameworks available, you need a way to assess their security.

Read Post