Authentication-related vulnerabilities, previously known as Broken Authentication, have become a significant concern. This category now also covers weaknesses in identification processes. Notable CWEs in this area include CWE-297, CWE-287, and CWE-384. Properly confirming…
Vulnerable and Outdated Components – VIDEO
Vulnerable components pose a unique challenge in application security, as they often lack mapped Common Vulnerabilities and Exposures (CVE) entries and are difficult to test. In this post, we will explore the impact…
Insecure Design – VIDEO
Insecure design and architectural flaws are a new category of risks for 2021, and it is crucial to move beyond “shift-left” in the coding space to pre-code activities critical for the principles…
Security Misconfiguration – VIDEO
Misconfigurations in application security can pose a significant risk to organizations, potentially leading to unauthorized access, data breaches, and exploitation. It is alarming to note that approximately 90% of applications undergo testing…
Injection – VIDEO
Injection attacks pose a significant security threat to modern applications, with SQL, NoSQL, OS command, ORM, LDAP, and EL or OGNL injection being the most common types. Developers and organizations can prevent…
Security Logging and Monitoring Failures – VIDEO
In the ever-evolving landscape of cybersecurity, the significance of security logging and monitoring cannot be overstated. This category has risen to #3 in the OWASP Top 10 2021, highlighting its critical role…
Software and Data Integrity Failures – VIDEO
In the realm of cybersecurity, ensuring the verification of software updates, critical data, and CI/CD pipelines is of utmost importance. However, without the necessary safeguards, software and data integrity failures can pose…
Sandworm’s WinRAR Attack on Ukrainian Networks
The Russian hacking group known as ‘Sandworm’ has been identified as the culprit behind an attack on Ukrainian state networks, where they used WinRAR to erase data on government devices. The Ukrainian…
US Must Match China’s Digital Strategy
The book Fixing American Cybersecurity discusses the need for a public-private partnership in order to better protect company networks from cyber criminals and adversaries. In this Q&A with Larry Clinton, President and…
CISOs: Secure & Responsible
This year’s high-profile layoffs have caused organizations to think carefully about their costs and plan for a potentially uncertain future. For Chief Information Security Officers (CISOs), this means showing financial responsibility, increasing…