Monday, June 23, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Spotting SaaS Application Vulnerabilities

SBN

Spotting SaaS Application Vulnerabilities

by Emile Antone on August 31, 2022

This blog is reposted from an article originally published on August 19, 2022 by Michael Novinson and ISMG. Listen to the full interview here.

Obsidian Security has in recent months invested in giving enterprises more visibility into how their SaaS applications are talking to other SaaS applications so that supply chain compromise can be more easily recognized, CEO Hasan Imam says. This linkage has required Obsidian to better understand how SaaS applications are connected as well as the threat vectors related to those integration points, Imam says.

Organizations must distinguish between normal and abnormal data movement between SaaS applications, which means they must know who’s accessing those systems and how often, so typical behavior can be modeled out, Imam says. From there, it becomes easier to detect potential attacks, especially when a valid token is being used but the user behavior or activity is very unusual (see: Obsidian Security Raises $90M to Safeguard More SaaS Apps).

Techstrong Gang Youtube
AWS Hub

“We believe it’s very important to build out depth of coverage around the core SaaS applications because that represents 90% of the risk and threat to enterprises,” Imam says.

In this audio interview with Information Security Media Group, Imam also discusses:

  • The top security risks around safeguarding user credentials;
  • Why it’s hard to detect breaches involving valid certificates;
  • Key differences between cloud and SaaS posture management.

Imam, who joined Obsidian as CEO at the start of 2021, previously spent nearly five years at Shape Security, ending in a two-year stint as the web and mobile application security vendor’s chief revenue and customer officer. Before joining Shape, Imam spent three years at DocuSign, where he led the e-signature company’s industry and horizontal solutions. Prior to that, he spent more than three years at Hewlett-Packard, where he oversaw strategic accounts and operations.

The post Spotting SaaS Application Vulnerabilities appeared first on Obsidian Security.

*** This is a Security Bloggers Network syndicated blog from Obsidian Security authored by Emile Antone. Read the original post at: https://www.obsidiansecurity.com/blog/spotting-saas-application-vulnerabilities/

August 31, 2022August 31, 2022 Emile Antone Account Compromise, FEATURED, SaaS Security, saas supply chain risk, SBN News
  • ← BSides Vancouver 2022 – Ritu Gill’s ‘Online Privacy & Risk Management’
  • The Great Resignation-How does the world phenomenon affect employee security awareness? →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks
Google’s $32 Billion Acquisition of Wiz Draws DoJ Antitrust Probe: Report
Trump’s TikTok Tarry — Yet Again, Ban-Can Kicked Down the Road
AWS Extends Scope of Cybersecurity Alliance with CrowdStrike
AWS Makes Bevy of Updates to Simplify Cloud Security
How the New HIPAA Regulations 2025 Will Impact Healthcare Compliance
Your passwords are everywhere: What the massive 16 billion login leak means for you
Understanding EchoLeak: What This Vulnerability Teaches Us About Application Security | Impart Security
AI Security Guide: Protecting models, data, and systems from emerging threats
The $4.88 Million Question: Why Password-Based Breaches Are Getting More Expensive

Industry Spotlight

Scattered Spider Targets Aflac, Other Insurance Companies
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence 

Scattered Spider Targets Aflac, Other Insurance Companies

June 22, 2025 Jeffrey Burt | Yesterday 0
US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency
Analytics & Intelligence Blockchain Cyberlaw Cybersecurity Data Privacy Digital Currency Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches 

US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency

June 20, 2025 Richi Jennings | 2 days ago 0
Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks
Blockchain Cloud Security Cybersecurity Data Security Digital Currency Featured Identity & Access Incident Response Industry Spotlight Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

Iran Reduces Internet Access After Israeli Airstrikes, Cyberattacks

June 18, 2025 Jeffrey Burt | 4 days ago 0

Top Stories

16 Billion Leaked Records May Not Be a New Breach, But They’re a Threat
Cloud Security Cybersecurity Data Privacy Data Security Endpoint Featured Identity & Access Malware Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches 

16 Billion Leaked Records May Not Be a New Breach, But They’re a Threat

June 22, 2025 Jeffrey Burt | Yesterday 0
AWS Raises Expertise Bar for MSSP Partners
AI and Machine Learning in Security Cybersecurity Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

AWS Raises Expertise Bar for MSSP Partners

June 22, 2025 Michael Vizard | Yesterday 0
Google’s $32 Billion Acquisition of Wiz Draws DoJ Antitrust Probe: Report
Cybersecurity Featured News Security Boulevard (Original) Social - X Spotlight 

Google’s $32 Billion Acquisition of Wiz Draws DoJ Antitrust Probe: Report

June 19, 2025 Jon Swartz | 3 days ago 0

Security Humor

A pig in a muddy farm field

US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency

Download Free eBook

7 Must-Read eBooks for Security Professionals

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×