Take Care of Orphan APIs with Wallarm
The Wallarm API Discovery module has been further enhanced to enable customers to identify Orphan APIs and bring them under management. In this post we’ll…
Category: Mix
ATHI — An AI Threat Modeling Framework for Policymakers
My whole career has been in Information Security, and I began thinking a lot about AI in 2015. Since then I’ve done multiple deep dives…
API4:2023 Unrestricted Resource Consumption
Welcome to the 5th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…
Impact of the New SEC Cyber Incident Reporting Rules on the C-Suite and Beyond
We recently hosted a compact and very engaging panel discussion about the new SEC Cyber Incident Reporting Rules due to come into effect later this…
Be a Hype Man For Your Friends · rez0
Explaining the benefits of hyping up your friends’ ideas. Amplify (ˈam·pləˌfī) verb: To make larger, greater, or stronger; enlarge; extend. Idea Amplification (īˈdēə ˌam·plə·fəˈkā·shən) noun:…
How Ethical Hackers Help the CISO Budget [4 Takeaways from CISOs]
Over the course of a few weeks, we had conversations with 50+ CISOs and security leaders from a wide range of industries, organization sizes, and…
[tl;dr sec] #195 – Kubernetes Exposed, SBOMs, Elastic’s Vuln Management
I hope you’ve been doing well! Hacker Summer Camp This year was my first time in Vegas since the pandemic, and I even managed to…
Unsupervised Learning NO. 394
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original…
OAuth and PostMessage
Tl;DR; An OAuth misconfiguration was discovered in the redirect_uri parameter at the target’s OAuth IDP at https://app.target.com/oauth/authorize, which allowed attackers to control the path of…
What Is the New NIST Control for Public Disclosure Programs?
Let’s first define what we’re talking about when we refer to these NIST controls. NIST 800-53 is a popular framework for security programs globally and…
Customize ZAP HUD 🎮
Today, I write a post about how to use ZAP HUD in an engaging manner. While ZAP HUD may not have incredibly useful features at…
90-Day Certificate Validity
오늘은 구글에서 추친하는 90일의 인증서 유효기간에 대한 이야기를 하려고 합니다. 구글이 올해 3월(2023)에 Chromium Security 를 통해 공지(방향성에 대한 공지)한 이후에 아직 별다른 액션이 없긴…