In Episode 38 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the security implications of the latest Apple iOS NameDrop feature ..
DevSecOps
Updated OWASP Top 10 for API Security Underscores the Challenge of Mitigating Business Logic Attacks
November 29, 2023
The OWASP Foundation updated the API Security Top 10 list for 2023, outlining the most critical security risks for APIs in production. The updated guidance highlights just how much the API security landscape has changed since the original list was published in 2019 — including the rapid rise of business logic attacks (BLAs). Three of the top five categories on the Top 10 list are now related to business logic abuse, compared to just two in 2019. The updated list underscores the fact that if organizations want to bolster their API security, implementing safeguards capable of detecting and remediating abuse of business logic needs to be a priority ...
November 27, 2023
Recent research conducted by ESG and sponsored by Mend.io found just 52% of companies can effectively remediate a critical vulnerability — and even fewer (42%) are confident in their ability to manage the security and compliance risks associated with open-source software ...
November 21, 2023
Cyberattacks are publicized much more frequently than the hard work security teams put in to stop them. 2017's WannaCry and 2022's Log4Shell were amplified by companies' failures to install readily available patches, causing highly destructive, expensive, and embarrassing consequences for victim organizations ...
November 18, 2023
In Episode 36 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss cloud security ...
November 10, 2023
In Episode 35 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss cybersecurity freemium solutions ...
November 08, 2023
The marriage between AI and API security seems like an odd pairing at first. Dubbed a threat to API security, generative AI applications can be easily customized to create and run multiple scenarios to expose weaknesses in APIs. Moreover, given the right datasets, hackers can train AI to plan and execute attacks that evade traditional API security solutions. However, those qualities make artificial intelligence and machine learning the technology that may be missing in your API security stack ...
November 06, 2023
In the battle to secure APIs, many organizations are losing. The reason being that many organizations don't know the extent of API risk. From complacency in creating comprehensive security risk profiles for APIs, failing to pinpoint API endpoints managing sensitive data without adequate authentication, and deferring finding a consensus on who should own the responsibility of API security, organizations are coming up short ...
November 03, 2023
In Episode 34 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss cyber regulations, such as AI and Facebook changes in the EU ...
October 27, 2023
In Episode 33 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss Security 101 Basics: What is Third Party Risk Management (TPRM)? ...
October 26, 2023
Companies relying on open-source libraries introduce risks to their end-users, so they're on the hook for thoroughly auditing all software. The internal security principles guiding the auditing process are often called open-source governance. However critical, open-source governance principles can hinder vital development metrics like deployment time. Navigating the balance between organizational imperatives and risk management is thus an ever-more essential — and challenging — aspect of a developer's daily life ...
October 24, 2023
The majority (75%) of organizations typically change or update their APIs on a daily or weekly basis, creating a significant challenge for protecting the changing API attack surface, according to Securing the API Attack Surface, a report from Data Theorem and ESG ...
October 20, 2023
In Episode 32 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the business impacts of the cyber war ...
October 17, 2023
Platform engineering is the newest player on the scene. Whereas DevOps is a discipline defined by processes (that have been incrementally automated) to nurture communication and collaboration, platform engineering is a finite organization that is very task driven ...
October 16, 2023
Many experts believe the heyday of DevOps is coming to an end ... So, is it time to retire DevOps entirely? Only time will tell. But I staunchly believe it's misguided to count DevOps out just yet. Instead, practitioners should expect DevOps to do what DevOps does best: develop and grow with the market ...
October 13, 2023
In Episode 31 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the changing role and importance of the industry analyst ...
October 11, 2023
With the rapid increase in API usage also comes an increase in malicious actors targeting APIs as a gateway to customer and company data. That's why ensuring that your API integrations are safe is no longer simply a technical requirement, it is a responsibility that developers and organizations cannot take lightly. Here are three ways to ensure that your next API integration doesn't leave you, or your users, vulnerable ...
October 05, 2023
In 2023, twice as many software supply chain attacks took place as 2019-2022 combined, according to State of the Software Supply Chain Report ...
September 26, 2023
The current world of software relies heavily on recycled code, much of which is lifted from open-source repositories. No matter how tightly you integrate security into your development cycles, if the open-source code you borrowed is vulnerable, so are you. Even if you were to somehow achieve the unrealistic goal of "zero vulnerabilities in production," there's no guarantee that this will actually make your business secure ...
September 21, 2023
In Episode 28 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the aging cybersecurity workforce ...
September 20, 2023
One third (34%) of organizations are either already using or implementing artificial intelligence (AI) application security tools to mitigate the accompanying risks of generative AI (GenAI), according to a new survey from Gartner ...
September 14, 2023
API security should be a key part of any organization's security strategy today; however, it's often overlooked. APIs make up 83 percent of all web traffic, and they play a vital role in nearly all modern mobile and web applications, as well as containers and microservices. APIs are designed to be accessed by third parties, which exposes them to a broader spectrum of potential attacks compared to traditional web applications ...
September 12, 2023
In Episode 27 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the MGM Resorts cyberattack ...
September 11, 2023
President Biden's Executive Order on Improving the Nation's Cybersecurity has driven wide-scale changes in software development practices in both the UK and US in the two years since it launched, according to new research from Sonatype ...
September 08, 2023
In Episode 26 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the ending of support for TLS 1.0 and 1.1 standards ...
