Serverless, shadow APIs and Denial of Wallet attacks

In this Help Net Security podcast, Doug Dooley, Chief Operating Officer at Data Theorem, discusses serverless computing, a new area that both DevOps leaders and enterprise security leaders are having to tackle. Here’s a transcript of the podcast for yo…

Better API Penetration Testing with Postman – Part 2

In Part 1 of this series, I walked through an introduction to Postman, a popular tool for API developers that makes it easier to test API calls. We created a collection, and added a request to it. We also talked about how Postman handles cookies –…

Better API Penetration Testing with Postman – Part 1

This is the first of a multi-part series on testing with Postman. I originally planned for it to be one post, but it ended up being so much content that it would likely be overwhelming if not divided into multiple parts. So here’s the plan: In th…

Fighting credential stuffing attacks is an uphill battle

Hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year, making retail the most targeted segment studied, according to the Akamai 2019 State of the Internet / Security: Retail Attacks and API…

Modern browser APIs can be abused for hijacking device resources

Powerful capabilities of modern browser APIs could be misused by attackers to take control of a site visitor’s browser, add it to their botnet, and use it for a variety of malicious actions, researchers from the Foundation for Research and Technology &…

2019 Digital Identity Progress Report

School’s out for summer? Well, not quite. Unless you’re living on the east coast of Australia, it’s looking decidedly bleak weather-wise for most of Europe and the American east coast. But I digress. Is it looking bleak for your d…

Bugs, Breaches, and More – Application Security Weekly #47

In the News segment, Oracle patches 284 vulnerabilities, bug in Twitter Android app exposed protected tweets, 4 tips for better API Security in 2019, and more! Bugs, Breaches, and More! Oracle Patches 284 Vulnerabilities in January Critical Patch U…

Software Security Predictions: What to Watch for in 2019

Security breaches regularly made headlines this year, while advancements in DevOps, application security testing tools, artificial intelligence, machine learning, cloud adoption, and the Internet of Things race forward. 2019 promises to be another busy…

Another API bug spurs Google to ditch consumer Google+ sooner than planned

Google has unearthed another Google+ API bug, which prompted it to accelerate the sunsetting of all Google+ APIs and that of the consumer version of Google+. The API bug: the bug was introduced in November through a software update and was discovered as …