Category

API Security

Category

Attacks against known vulnerabilities are one of the most common security risks. Have you seen an updated OWASP Top-10? A risk that used to be A09 Using Components with Known Vulnerabilities is now titled A06:2021-Vulnerable and Outdated Components. This category moved up to #06 from #9 in 2017. We highlighted this in our OWASP Top 10 2021 proposal that we published earlier this year. We all know: patch management is hard. For many reasons: backward…

Introduction With online gambling clubs turning into a staple alternative across nations like the United Kingdom, numerous sites are showing up out of nowhere and not all are protected or secure. Numerous club regulars pick to utilize correlation locales, as the UK gambling clubs recorded at believed sites like Casimple.com all get autonomously checked to guarantee they are completely authorized and reasonable. There is little uncertainty with regards to why the internet betting climate is…

In our modern world, web applications are becoming ever more important. Bad actors know this and they target them more frequently than ever before. This is not likely to stop any time soon as the number of web applications the world needs will only go up with its reliance on technology. To fully prevent an attack is impossible but we need to try our hardest to do so and in our daily struggles in this…

The old mentality of building a moat around important assets and trusting anyone or anything that is already inside the castle perimeter has failed us. Attackers have developed many techniques to jump the moat and scale the castle walls to get at what they want. Thus, the new rallying cry is to implement Zero Trust–the notion that no entity – human or machine, inside or outside the perimeter – should be trusted unconditionally until authenticated,…

What do you know about your APIs? Why are the vulnerable v2 and v3 still exposed if they are deprecated for almost a year? What else is exposed and you don’t even know? Are Swagger specs up to date? (Teaser: Surely not). A lot of questions, right? Meet Wallarm’s latest feature for API Discovery and Observability to better understand and protect your APIs in cloud-native environments – API Security Platform. What is Wallarm API Discovery?…

HTTP/2 become the standard defacto for the modern web and causes new application security risks. The HTTP2 request smuggling is one of a few HTTP/2 vulnerabilities with the high severity that raised last year. In this post, we will describe it in detail and suggest an open-source tool http2smugl that detects such kinds of vulnerabilities. HTTP/2 is the thing that already took an Internet. According to the Wikipedia: “The standardization effort was supported by Chrome,…