The Cequence Security Blog – Top 5 Posts of 2020

API security, company
As we transition into the last month of 2020, it’s time for my team and me to look back over what we covered this year in the blog and start giving some thought to 2021’s editorial calendar. I know that I definitely have favorite content pieces, but there is something ... Read More

Retrospectives, Predictions, and Philanthropy: Giving Back Tuesday 2020 – A $5 Donation for Every Attendee

With positive news on a vaccine, a faint light has begun to appear at the end of the 2020 tunnel. Yet, for many, 2020 has brought about a new way of life. Join us on December 1st, Global Giving Back Tuesday, for a discussion with Cequence Security founders Shreyans Mehta ... Read More

Tales from the Front Lines: Large Retailer Achieves Near Immediate Time-to-Value

One of our newest customers is a large, community-based retailer that had a mobile application and API account takeover problem. Roughly 12 months ago, they selected a JavaScript and SDK-based bot mitigation solution to address their ATO challenges. The initial focus was to protect the mobile applications and associated APIs ... Read More

How the HR System Enabled my Promotion to CEO

Just kidding. I am happy to remain an individual contributor. However, if the HR system API had been implemented without the appropriate levels of authorization control, commonly referred to as broken object-level authorization (BOLA), it could be exploited by bad actors, internal or external, to enable an undeserving promotion. BOLA ... Read More

Cequence Security Named a 2021 TAG Cyber Distinguished Vendor

Research and advisory firm TAG Cyber has been publishing its seminal Security Annual report since 2016. Thousands of leaders and decision-makers across the cybersecurity ecosystem have come to rely on this report for expert guidance, analysis and education. The organization published this year’s Security Annual today and Cequence Security is ... Read More

Aite Group Research Validates API Security Gaps

2020 is moving into the final quarter and it appears to be the year of the API security incident with MGM, Starbucks, Data Viper and Docker as just a few examples of API security incidents. The reasons are obvious – API use has exploded for both developers and bad actors ... Read More

API Security Need to Know: Questions Every Executive Should Ask About Their APIs

Using NIST CSF to Rein in your API Footprint. As your digital transformation accelerates, its API volume and usage have accelerated in tandem. It is also very likely that your API security efforts have lagged behind your increase in API usage. Unlike other more mature areas of cybersecurity, the API ... Read More

Help! There’s an OpenBullet Attack Config for Our Site – What Should we Do?

Thinly veiled as a web testing tool, OpenBullet is a commonly used attack management toolkit that allows a bad actor to create and execute automated account takeovers and other types of attacks. Complete with its own GitHub repo and user community, OpenBullet allows a bad actor to create or import a ... Read More

OWASP AppSec Training Day: API Attacks Beyond the OWASP API Top 10

There is still time to register for the upcoming OWASP Training Day: API Attacks Beyond the OWASP API Top 10 led by hacker-in-residence Jason Kent. This class is ideally suited for those who are faced with protecting APIs from attacks as well as those developers looking to learn how their APIs ... Read More

APIs: The Next-Frontier in Cyber-Crime

This year is turning out to be the year that kicks every company’s digital transformation into high gear in order to support work-from-home and shelter-in-place restrictions. With such a quick shift to and expansion of API-based architectures, it’s important to note the security vulnerabilities and expanded attack surface that are ... Read More