Application Security News and Articles


Enterprise Blind Spots and Obsolete Tools – Security Teams Must Evolve

The conventional tools we rely on to defend corporate networks are creating gaps in network visibility and in our capabilities to secure them. The post Enterprise Blind Spots and Obsolete Tools – Security Teams Must Evolve appeared first on ...

Analyzing Your Existing API Testing Through a Security Lens

Learn how to look at your API testing through a security lens to get the best code coverage and approach it with offensive security in mind. The post Analyzing Your Existing API Testing Through a Security Lens appeared first on Dana Epp's ...

Register Now: Attack Surface Management Summit – Feb. 22

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing. The post Register Now: Attack Surface Management Summit – Feb. 22 appeared first on SecurityWeek.

USENIX Security ’22 – ‘Creating a Secure Underlay For The Internet’

Complete Title: 'USENIX Security '22 - Henry Birge-Lee, Joel Wanner, Grace H. Cimaszewski, Jonghoon Kwon, Liang Wang, François Wirz, Prateek Mittal, Adrian Perrig, Yixin Sun - ‘Creating a Secure Underlay for the Internet’ Our thanks to ...

The Not-So Obvious Benefits of Breach and Attack Simulation (BAS)

Learn more about the often overlooked applications of breach and attack simulation that can help organizations address pressing real-world security challenges. The post The Not-So Obvious Benefits of Breach and Attack Simulation (BAS) appeared ...

Exposing Iran’s Hacking Scene and Hacking Ecosystem Major Web Site Repositories – An OSINT Analysis – Part Two

Dear blog readers, I've decided to share with everyone the results of a recent Technical Collection campaign which aims to collect tools of the trade including personally identifiable information on Iran-based lone hacker groups including hacking ...

Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header

During a recent Chariot customer pilot we identified an interesting method to bypass the cross-site scripting (XSS) filtering functionality within the Akamai Web Application Firewall (WAF) solution. Chariot had identified a Carriage Return and ...

Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities

Apple has updated its security advisories to add new iOS and macOS vulnerabilities, including ones belonging to a new class of bugs. The post Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities appeared first on ...

PoC exploit, IoCs for Fortinet FortiNAC RCE released (CVE-2022-39952)

Horizon3’s Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet’s network access control solution. “Similar to the weaponization of previous archive vulnerability issues that ...

The Most Pressing Cybersecurity Challenges of 2023

The global cost of cybercrime attacks is rising and reached an estimated €5.5 trillion in 2021. Ransomware attacks alone hit organizations somewhere in the world every 11 seconds. Our use of and dependence on technology grows each day and with ...

How Banyan Remediates Threats

Introduction: There’s no escaping the number of breaches occurring daily; our media is full of them. As practitioners it feels like we’re pushing rope uphill as we try to convince organizations to adopt the basic security practices that will ...

What can we learn from the latest Coinbase cyberattack?

Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twilio, Cloudflare and many other companies last year. Leveraging smishing and vishing, the attackers tried to trick ...

Using Generic Application Access Rules in SAP Custom Development

Thomas Fritsch, Tue, 02/21/2023 - 13:40. SAP applications often require the need to restrict access for certain entities to a subset of all instances. In most scenarios, SAP’s ...

AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks. The post AI Helps Crack NIST-Recommended Post-Quantum ...

Abuse of Copyright Law Online to Remove Dissent and Criticism

The Washington Post recently reported on a “reputation management” company called Eliminalia which purported to clean up the online reputation of its clients and customers and make negative information “disappear.” Now, there are lots of ...

Introducing DataDome Audit Trail

DataDome announces the newest feature in our dashboard: audit trail—an easily accessible change log to keep track of adjustments made to your settings. The post Introducing DataDome Audit Trail appeared first on Security Boulevard.

Would Tesla’s SOX Compliance Failures Mean Elon Musk Goes To Jail?

The U.S. Sarbanes-Oxley Act (SOX) was passed in 2002 in response to financial scandals like Enron, a Texas company I’ve mentioned on this blog several times in terms of mounting allegations that Tesla has engaged in systemic fraud. SOX, ...

Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs

Introduction: On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an ...

HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance

HardBit ransomware operators want to work with victims to negotiate a ransom behind the back of cyberinsurance companies. The post HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance appeared first on SecurityWeek.

Scrut Automation Raises $7.5 Million for GRC Platform

India-based Scrut Automation has raised money to improve its risk observability and compliance automation platform and expand its presence in the US. The post Scrut Automation Raises $7.5 Million for GRC Platform appeared first on SecurityWeek.