As we bid farewell to another year, it is crucial to reflect on the threats of cyberattacks and ransomware and think of how to mitigate them moving forward. However, this year feels a bit different – marked by the unknown of what challenges AI will bring to the security landscape in the new year. This … continue reading
OWASP, the organization known for its list of the top 10 security vulnerabilities in software, has just published version 1.0 of a new top 10 list devoted to risks related to large language model (LLM) applications. “The frenzy of interest of Large Language Models (LLMs) following of mass-market pretrained chatbots in late 2022 has been … continue reading
The Open Worldwide Application Security Project (OWASP) announced the launch of OWASP CycloneDX version 1.5, a new standard in the Bill of Materials (BOM) domain that specifically targets issues of transparency and compliance within the software industry. CycloneDX v1.5 goes beyond established standards, by introducing ML transparency (ML-BOM), Formulation (MBOM), and enhanced support for SBOM … continue reading
Most organizations today use hundreds of applications in their environment, and with that they employ hundreds of APIs to connect these to the necessary web servers. Due to the flow of sensitive information, it’s crucial to manage policies that ensure controls are in place to only authorize appropriate access, as well as actions that can … continue reading
2021 was a tumultuous time for security, marking both massive breaches — a trend that sped up during the pandemic — and widespread action for trying to fix the problem. On May 7, 2021, the Colonial Pipeline, an American oil pipeline system, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. In response, … continue reading
The latest edition of the OWASP Top 10 showed that all of the highest-priority vulnerabilities since 2017 have shifted and new ones have been introduced. Broken Access Control has dethroned Injection as the top vulnerability, whereas it previously held fifth place. The 34 Common Weakness Enumerations (CWEs) mapped to Broken Access Control had more occurrences … continue reading
The Open Web Application Security Project (OWASP) has announced version 2 of the Software Assurance Maturity Model (SAMM). SAMM is an open-source framework that enables teams and developers to assess, formulate and implement better security strategies that can be integrated into the software development life cycle. “Our mission is to provide an effective and measurable … continue reading
In 2011, Marc Andreessen wrote an article in the Wall Street Journal that included the now-famous phrase “software is eating the world.” Eight years on, that statement rings truer than ever. It’s not a stretch to say that software is eating the cybersecurity world as well. The fallout from not integrating security early in the … continue reading
Companies are paying the highest amount of bounties to fix cross-site scripting (XSS), improper authentication and information disclosure vulnerabilities. Meanwhile, some cloud-based vulnerabilities such as server-side request forgery (SSRF), in which an attacker can abuse functionality on the server to read or update internal resources, are seeing an uptick in bounties. This is according to … continue reading
DevSecOps has come to be known by many as the shifting left of security, making it a key part of software development while code is being written, as opposed to trying to put security onto the application after it’s completed. This follows the trends of DevOps, which moved operational considerations for applications into development, as … continue reading
The Open Web Application Security Project (OWASP) officially released its Top 10 most critical web application security risks. This is the first time the organization has updated the Top 10 since 2013. “Change has accelerated over the last four years, and the OWASP Top 10 needed to change. We’ve completely refactored the OWASP Top 10, … continue reading
This year, the Open Web Application Security Project (OWASP) released its Top 10 2017 project for public review. There were two vulnerability updates to this year’s 14th release of OWASP, and although they were added to raise awareness on security risks in applications, one company is calling a movement for removal and replacement of one … continue reading