Application Security Compliance Standards

Whether you’ve developed an application in-house or are simply using software-as-a-service apps, it is beneficial to know the standards that govern application security so you can ensure that you do not accidentally end up out of compliance with them, which in addition to potentially being a regulatory liability, would put you at risk of a…

Read More

Top 10 API Risks in Application Security

Application Programming Interfaces (APIs) are a type of software interface that allows services to communicate with one another to leverage each other’s data and functionality without needing to see everything that is on the other end. They enable applications to talk to one another, such as when you use your Facebook account to login to…

Read More

CWE Releases Top 25 Most Dangerous Software Weaknesses for Security Community

Summary The Common Weakness Enumeration (CEV) organization has released their 2022 Top 25 Most Dangerous Software Weaknesses list. This list demonstrates the most common and impactful software weaknesses occurring during the year of 2022. To create the list, the CWE Team leveraged Common Vulnerabilities and Exposures (CVE) data found within the National Institute of Standards and Technology (NIST) National Vulnerability…

Read More

Technical Details on CrateDepression Rust Supply-Chain Attack Campaign

Context On May 19, 2022, security researchers at Sentinel Labs released technical details of a campaign targeting the Rust development community with a supply-chain attack by leveraging a malicious crate. The Rust Security Response Working Group released an advisory regarding the malicious crate on May 10, 2022. The malicious crate was named “rustdecimal,” likely intended…

Read More

The Components of a Holistic SaaS Security Strategy

SaaS Security: A Changing Model of Cybersecurity Businesses today commonly employ hundreds of individual SaaS applications for a variety of specific functions, but the majority of sensitive data is typically entrusted to a small set of foundational enterprise applications. Security leaders are well aware that the transition to SaaS has prompted increased targeting by bad…

Read More