API attacks are both underdetected and underreported

Akamai released research into the evolving threat landscape for application programming interfaces (APIs), which according to Gartner will be the most frequent online attack vector by 2022. APIs are inherently designed to be fast and easy pipelines b…

Noname Security appoints Matt Tesauro as API Security Evangelist

Noname Security announced the appointment of Matt Tesauro as its API Security Evangelist. Tesauro will engage with Noname customers and the security industry at large, contributing to standards bodies and sharing his experience, insights and strategies…

IriusRisk Community Edition offers free threat knowledge base for developers

IriusRisk has expanded the free Community Edition of its platform to include its entire threat and countermeasure knowledge base. Engineering teams using the Community Edition will now be able to factor its comprehensive security standards and complian…

Approov offers free pinning generator tool to protect against automated attacks on APIs

Approov introduced the Mobile Certificate Pinning Generator, a free tool to help mobile-first companies make Man-in-the-Middle (MitM) attacks targeting mobile app APIs a thing of the past. It enables organizations to simplify what has long been a compl…

Why does the OWASP Code Review Guide v2.0 recommend DPAPI with known vulnerabilities? [closed]

Why does the OWASP Code Review Guide v2.0 recommend DPAPI with known vulnerabilities?
I’m referring to section 12.4 "What to Review: Protection at Rest":

A secure way to implement robust encryption mechanisms within source
code …

OWASP Top 10 2021: The most serious web application security risks

The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk. How is the list compiled? “We get data from organizations that are testing vendors by trade, bug bo…