Insights from a Leading API Security Vendor: Understanding the Joint Cybersecurity Advisory on IDOR Vulnerabilities by ACSC, CISA, and NSA
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) released a joint Cybersecurity Advisory on July 27, 2023, to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference ...
API 0Day Response – a MOVEit story
On June 9th, Progress Software released a statement: “Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.” Well, that doesn’t seem very good at all. In this case, “multiple” meant 3 on ...
How to Approach API Security in 2023: Your 30-60-90 Day Security Plan
API security is a top 2023 security initiative for many organizations, given the continued increase in API usage and the API breach activity observed in 2022. Since more and more organizations are starting API security programs, I thought it might be prudent to provide a 30-60-90 day framework that we ...
Using ChatGPT to Improve API Security: OpenAI & Security
The widespread news surrounding ChatGPT and its alternatives got me thinking about how it may or may not impact API security. The headlines currently top of mind are those touting impending doom as a result of ChatGPT taking over our lives. An article that says ChatGPT is bad because it ...
How Security Automation Strengthens API Security
Learn how customers are leveraging security automation to accelerate bot attack response time and improve their API security posture. In effect, customers can fight fire with fire by using automation to block (automated) bot attacks such as account takeover, shopping bots, and loan fraud. Every IT security professional I know, or ...
API Security in Your Operational Technology (OT)
Operational technology encompasses supervisory control and data acquisition (SCADA), industrial control systems (ICS), and distributed control systems (DCS). OT can be involved in critical processes that, if breached, could have catastrophic consequences, including loss of life. Water treatment plants, power distribution, traffic management, and other critical infrastructure rely on operational ...
Best Practices for Addressing Log4j and LoNg4j Patching Gaps
Long after the press coverage and panic surrounding the discovery of Log4j, the Log4Shell exploit, and the supply-chain variant dubbed LoNg4j, IT and security teams are still struggling to adopt Log4j best practices for ensuring their servers are patched and protected. To help our customers address this critical need ...
Protecting GraphQL APIs from Exploits
GraphQL is an open-source query language originally developed by Facebook that can be used to build APIs as an alternative to REST and SOAP. GraphQL has gained popularity since its inception in 2012 because of the native flexibility it offers to those building and calling the API. GraphQL servers and ...