735 matches found
2023 OWASP Top-10 Series: Spotlight on Injection
Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might...
2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs
Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, the impact...
Unlocking Seamless API Security: Revenera’s Journey with Wallarm
In today's digital landscape, ensuring the security of web applications and APIs is paramount. The journey to find the right security solution can be filled with challenges and choices. In this blog post, we'll dive into the experience of Rob Davies, VP of Engineering and Lead Architect at...
Mastering API Security: Learn the 3 Key Principles at Kong API Summit 2023
In an era where APIs Application Programming Interfaces are the lifeblood of digital interactions, the need for robust API security has never been more critical. According to Gartner research, a staggering 90% of web-enabled applications are predicted to harbor vulnerabilities related to APIs. To...
2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management
Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impac...
Introducing Easy API Security Deployment
...
Elevate Your Cybersecurity with Imperva Cloud WAF: More Than Just a Checkbox
In the world of digital modernization, having a web application firewall WAF isnt an option - its a necessity. But in the endless sea of security solutions, how do you choose the right one? How do you ensure that youre not merely checking a box, but genuinely fortifying your digital fortress? Whi...
CVE-2023-26143
CVE-2023-26143 affects the blamer package prior to version 1.0.4. The root cause is an Arbitrary Argument Injection via the blameByFile() API due to insufficient input sanitization and invalid file-path handling, coupled with improper passing of git flags ( -- ) to terminate options. Public analy...
Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives
Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework CSF. It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to...
2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration
Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and...
2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery
Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery SSRF. In this series we are taking an in-depth look at each category – the details, the...
Wallarm Presenting at BSides Albuquerque
If you’re in the Albuquerque area this Friday and/or Saturday, we hope you’re planning on going to BSides ABQ – it promises to be a fun-filled weekend of learning. The team there has pulled together an interesting set of talks covering a wide variety of topics such as Infosec Ontology, Social...
2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows
Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the...
The Challenge of Securing APIs for a Luxury Hotel Chain
...
2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization
Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the...
How to Secure All Your APIs Through Multiple Deployment Options
Imperva has invested in strengthening our API Security offering to meet the needs of customers since the acquisition of CloudVector in 2021. Since then, the product’s capabilities have expanded, positioning it as a leader in the growing API Security market. What makes Imperva API Security unique ...
2023 OWASP Top-10 Series: API4:2023 Unrestricted Resource Consumption
Welcome to the 5th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API4:2023 Unrestricted Resource Consumption. In this series we are taking an in-depth look at each category – the details, the...
api.marketchecker.blackpinguin.de Cross Site Scripting vulnerability OBB-3590156
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
2023 OWASP Top-10 Series: API3:2023 Broken Object Property Level Authorization
Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API3:2023 Broken Object Property Level Authorization. In this series we are taking an in-depth look at each category – the detail...
CVE-2023-39966
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the...