API3:2023 Broken Object Property Level Authorization
Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…
SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule The SEC’s final rule is aimed at helping investors make informed investment decisions by providing…
I hope you’ve been doing well! Hacker Summer Camp This is the first time I’m attending the Vegas conferences since the pandemic, and I’ve been…
Our new IP view offers another point of view on the expanding attack surface Customers often tell us of instances where someone in their team…
Emma Stocks | 10 August 2023 at 06:56 UTC For too long, web race-condition attacks have focused on a tiny handful of scenarios. Testing for…
Summary An unauthenticated attacker can obtain the setup token for an instance and use it to achieve remote code execution via an endpoint that allows…
Metabase is an open source business intelligence tool that lets you create charts and dashboards using data from a variety of databases and data sources.…
Welcome to another inside story straight from the Wallarm labs. Today we’re taking you behind the scenes of our self-testing journey, showcasing how we “drink…
In the age of digital transformation, cybersecurity has become an essential part of businesses. A rise in cybercrime highlights the vulnerabilities in business-critical applications, emphasizing…
LLM01: Prompt Injection What Is Prompt Injection? One of the most commonly discussed LLM vulnerabilities, Prompt Injection is a vulnerability during which an attacker manipulates…
I read a post by Derek Sivers recently that reminded me of Claude Shannon’s concept of Entropy. The post was about his opinion that…
Welcome to the 3rd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…