When setting out to build a new DevOps process for their application, many teams are filled with excitement and optimism about what they can achieve. But, months into an implementation, they're later frustrated when they can't secure the budget, buy-in or resources they need to put their new DevOps process into action. By involving key stakeholders early when building a new DevOps process, these blockers can be avoided ...
Vendor Forum
January 03, 2024
Dotan Nahum
Check Point Software Technologies
Lines of code bridge the gap between digital worlds, enabling seamless data sharing and functionality between different software systems. With this heightened interconnectivity, API security becomes paramount to protect sensitive data and ensure the integrity of digital services. While OAuth has been a widely adopted protocol for API security, it's essential to recognize that it alone may not suffice to address all security challenges. In fact, there are many limitations of OAuth and other advanced security measures to bolster API security ...
Updated OWASP Top 10 for API Security Underscores the Challenge of Mitigating Business Logic Attacks
November 29, 2023
Lebin Cheng
Imperva
The OWASP Foundation updated the API Security Top 10 list for 2023, outlining the most critical security risks for APIs in production. The updated guidance highlights just how much the API security landscape has changed since the original list was published in 2019 — including the rapid rise of business logic attacks (BLAs). Three of the top five categories on the Top 10 list are now related to business logic abuse, compared to just two in 2019. The updated list underscores the fact that if organizations want to bolster their API security, implementing safeguards capable of detecting and remediating abuse of business logic needs to be a priority ...
November 27, 2023
Jeff Martin
Mend
Recent research conducted by ESG and sponsored by Mend.io found just 52% of companies can effectively remediate a critical vulnerability — and even fewer (42%) are confident in their ability to manage the security and compliance risks associated with open-source software ...
November 21, 2023
Dotan Nahum
Check Point Software Technologies
Cyberattacks are publicized much more frequently than the hard work security teams put in to stop them. 2017's WannaCry and 2022's Log4Shell were amplified by companies' failures to install readily available patches, causing highly destructive, expensive, and embarrassing consequences for victim organizations ...
November 20, 2023
Dave Sudia
Ambassador Labs
The largest takeaway we should all be focused on for 2024 is this: Kubernetes technology is on a rapid growth trajectory ... In fact, 80% of developers surveyed in DZone's annual Kubernetes in the Enterprise 2023 report expressed that their organization was currently running Kubernetes clusters, and the report suggests that the Kubernetes industry may be close to reaching its saturation point ...
November 16, 2023
Stephen Feloney
Perforce Software
Companies have touted AI's ability to make employees more productive and efficient, personalize services and experiences, and improve quality while decreasing human error. And today, many organizations also realize the competitive advantage of utilizing AI in workflows, especially in web and mobile application performance testing ...
November 15, 2023
Daniel Balla
Bitrise
More than 1,300 mobile practitioners shared a look inside their organizations' mobile strategies and revealed that just 8% of their companies have a dedicated team for mobile app development. While this may seem contradictory to companies' mobile ambitions, most developers will agree that pushing for an entire set of tools, resources, skills and talent dedicated to mobile alone is almost unheard of in the DevOps industry ...
November 14, 2023
Zach Lloyd
Warp
A few months ago, Warp surveyed 1500+ developers about how they use the command line terminal. Specifically, the survey asked questions around common pain points, popular plugins, use of artificial intelligence, types of customizations, and perceived expertise in industry-level developers. What's the story behind the complex relationship between coder and terminal? Here is what the survey revealed ...
November 13, 2023
Stephen Atwell
Armory.io
The average developer tenure is less than two years, even for large tech companies with flashy perks. That's compared to an average employee tenure of 4.1 years across other industries. Clearly, something isn't adding up in the developer experience (DevEx). But what are non-technical leaders missing? ...
November 08, 2023
Dotan Nahum
Check Point Software Technologies
The marriage between AI and API security seems like an odd pairing at first. Dubbed a threat to API security, generative AI applications can be easily customized to create and run multiple scenarios to expose weaknesses in APIs. Moreover, given the right datasets, hackers can train AI to plan and execute attacks that evade traditional API security solutions. However, those qualities make artificial intelligence and machine learning the technology that may be missing in your API security stack ...
November 06, 2023
Richard Bird
Traceable AI
In the battle to secure APIs, many organizations are losing. The reason being that many organizations don't know the extent of API risk. From complacency in creating comprehensive security risk profiles for APIs, failing to pinpoint API endpoints managing sensitive data without adequate authentication, and deferring finding a consensus on who should own the responsibility of API security, organizations are coming up short ...
November 01, 2023
Knut Sveidqvist
Mermaid Chart
In general, we developers recognize the importance and utility of using diagrams to design systems and document our code. Diagrams help turn black boxes into glass ones. They can help us describe how systems talk to each other, communicate how systems operate internally, identify areas where our models can be simplified, and so on. The process of actually making those diagrams, however, is another story ...
October 31, 2023
Scott Gerlach
StackHawk
While most may be scared of goblins and ghouls this Halloween, the real threat to enterprise organizations this spooky season are zombie APIs. Though it may be Halloween, developer and security teams are spooked year round by these undetected threats. According to a recent report, approximately 92% of organizations have been impacted by at least one API security-related incident in the past 12 months, while 57% reported experiencing multiple API security incidents in the same time frame ...
October 30, 2023
Ankit Sobti
Postman
It's understood that APIs are essential building blocks of modern software. But are APIs products in their own right, ones that can produce revenue? Most API developers and professionals say yes, with 60% viewing their APIs as products, according to Postman's 2023 State of the API Report ...
Pages
