Top Five Injection Attacks in Application Security

What are injection attacks? Injection attacks refer to any type of attack that targets injection vulnerabilities—a broad category of cybersecurity weaknesses that includes several of the most serious application security risks. While you could argue it’s an artificial way to group otherwise unrelated attacks, the OWASP Top 10 for 2021 took this exact approach, naming […]

DAST Plays a Key Role in Ensuring Comprehensive Security Testing for Layered Applications

“There’s no silver bullet solution with cybersecurity, a layered defense is the only viable defense.” —James Scott, Fellow at the Institute for Critical Infrastructure Technology

Building up overlapping and complementary layers of security is a crucial goal for any company’s cybersecurity program, and web applications and APIs are at the heart of that effort. But […]

Web Applications Vulnerable to Insecure Deserialization

Insecure deserialization is a vulnerability that is part of many attack chains against web applications and APIs. A vulnerable application will load data without validating it, allowing an attacker to manipulate the deserialization process and execute malicious code. While not always reported as a standalone vulnerability, insecure deserialization can have serious consequences for cybersecurity, including […]

Disproving the Top Five Myths Surrounding DAST

Note that, strictly speaking, dynamic application security testing refers to any kind of security testing that’s performed on a running application, including manual dynamic testing. In practice, though, “DAST” or “DAST tool” is now the common term for an automated web vulnerability scanner.

Myth #1: DAST doesn’t find anything

The very first DAST tools (we’re […]

Simple Steps to Enhance Security of Your Web Applications

What are HTTP security headers? HTTP security headers are those HTTP headers that are related specifically to security, exchanged between a client (like a web browser) and a server to define the security of HTTP communication. These include dedicated security headers and several others that can indirectly affect privacy and security. Setting the right security […]

Unlocking the Mysteries of OWASP API Security Top 10

Even though OWASP Top 10 lists are helpful, they are not known for being clear, readable, or fun. While we have a serious post discussing the methodology, categories, and missed opportunities of the OWASP API Security Top 10 for 2023, this time we wanted to take a more light-hearted look at the top ten risks […]

Why is Post-Quantum Cryptography so Important?

If you follow IT and cybersecurity news, you’ll be familiar with mentions of quantum computing, usually followed by something about post-quantum cryptography. In fact, just recently, NIST announced the formal approval of the first set of PQC standards, which will doubtless fuel more quantum apocalypse predictions in the news. Let’s take a very high-level look […]

Implementing Application Security Testing through the DORA Framework

The Digital Operational Resilience Act (DORA) is a European cybersecurity framework that was enacted in December 2022 and will be enforced starting in 2025. While created specifically to ensure the resilience of the European Union’s financial systems and institutions in the face of cyberattacks and other incidents involving ICT (information and communication technology), DORA applies […]

Discussion on APIs featuring Frank Catucci and Dan Murphy

What’s with all the buzz around API security? It’s becoming the top concern in application security as everyone is looking for faster and more reliable ways to secure their ever-growing API ecosystem. In Postman’s 2023 State of the API Report, 92% of respondents said they planned to increase their investments in APIs through 2024, which […]

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC
