The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative
Your legal team just handed you a 400-page document and said "figure out compliance." The EU AI Act is live, and your organization falls under its scope, which is broader than many expect. Even non‑EU companies must comply if their AI systems are used, deployed, or produce effects within the European...
TraceLens: Question-Driven Debugging for Taint Flow Understanding
Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is an important sensemaking process during end-user taint...
MalFlows: Context-Aware Fusion of Heterogeneous Flow Semantics for Android Malware Detection
Static analysis, a fundamental technique in Android app examination, enables the extraction of control flows, data flows, and inter-component communications (ICCs), all of which are essential for malware detection. However, existing methods struggle to leverage the semantic complementarity across...
2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management
Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impac...
The Three Key Competencies that Optimize Data Security Orchestration
One of the principal benefits of a modern data-centric security fabric is being able to automatically apply security controls to the data itself and drive policy-compliant data handling behavior by privileged users. But we all know that detecting a security incident is just the first part of the...
Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps
Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "Mariana Trench is designed to be able to scan large...
RSA 2018 recap: GDPR, Increasing Visibility and Transparency of Cloud Security
RSA 2018 is in the books! The event welcomed 42,000 attendees to San Francisco, including cybersecurity professionals, vendors, media, and analysts. The themes of visibility and transparency repeatedly came up in discussions and presentations as organizations grapple with ever-increasing data flo...
European Commission Urges U.S. to Reform Surveillance Methods
The European Commission is urging the United States government to make some changes to the way it handles surveillance to help restore the trust in the relationship between the EU and the U.S. The commission is asking for the U.S. to promote privacy rights internationally, adopt the EU’s data...
HTTP Server Parameter Pollution
HTTP Parameter Pollution (HPP) is a hacking technique. HPP attacks allow the attacker to override or add HTTP GET/POST parameters by injecting query string delimiters. This is an input validation vulnerability. Input validation flaws are caused by unsanitized data flows between the front-end and th...