Fuzzing: An Important Tool in Your Penetration Testing Toolbox

While fuzzing may sound like just another buzzword in the cybersec landscape, it has continued to gain popularity over the last several years and shows no signs of going away. Development teams know that unless their developers all just came down from Mount Olympus, there are likely to be security holes in their applications – […]

BeSECURE Provides a Quick and Easy Way to Assess Your Risk of a CCPA Violation

The California Consumer Privacy Act (CCPA) is as much about process administration as it is about data security. Systems must be compliant, for both data security and administration, and offer a reasonable verification method such as audit trails. Often described as a mini-GDPR, CCPA is the State of California’s effort to tighten laws around information […]

Ping Identity PingID SSH before 4.0.14 Out-of-bounds Write Vulnerability

Published on June 29th, 2020. Details: Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. Vulnerable Systems: Ping Identity PingID SSH before 4.0.14. CVE Information: CVE-2020-10654. Disclosure Timeline: Published Date: 5/13/2020. Vulnerability Management, SAST, and DAST […]

OpenShift Container Platform Cleartext Storage of Sensitive Information Vulnerability

Published on June 29th, 2020. Summary: A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. Credit: The information has been provided by Stefan Schimanski. The original article can be found at: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706 Details: This flaw allows an attacker with access to a […]

How to Use SAST and DAST to Meet ISA/IEC 62443 Compliance

In a recent cyber-attack, a metallurgy company became infected with ransomware. The firm shut down for a week to deal with the infection; the final costs for the system backup and production downtime came to over 50 million euros ($54 million). This follows a Kaspersky report, “The State of Industrial Cybersecurity” that shows 70% of […]

Better Enterprise Security Through Forced Quarantine

This article was originally published on TechAeris on May 08, 2020. What do you do if a small infected minority is threatening to infect the rest? By now, there probably isn’t a human being on the planet that doesn’t know the answer to this question: you place the infected in quarantine, separating them from the healthy. Collectively, […]

Top 10 Tips to Improve Web Application Security

Web applications are exposed. Unlike internal network applications, everyone can get to a web application; all they need is an internet connection. That includes hackers too. In fact, an automated tool may be attacking the web applications you depend on as you read this article. But developers often overlook web application security. Teams frequently spend […]
