The Growth of Public Cloud and the Need for Cloud Security
Since 2006, when Amazon first introduced EC2 — the first public cloud service — cloud has become a major staple of enterprise information technology strategy. Both Infrastructure as a Service (IaaS) and newer cloud services continue to grow robustly. Enter the need for cloud security. […]
Securing Microservices Vs. Monolithic Apps
New requirements for Securing Microservices Vs. Monolithic Apps: Enterprises are migrating from monolithic applications to microservices, hoping to accelerate software deployment and improve scalability. Security is sometimes glossed over in these transitions. Simple best practices like authenticating users and using SSL are still important to follow. But teams need to think through important differences between […]
Dependencies in Cloud-Native Apps can Amplify Risks
Hidden Dependencies in Cloud-Native Apps can Amplify Security Risks: Cloud-native applications and modern development practices result in applications that are highly distributed and loosely coupled. In many cases, organizations have no control over or little insight into the different elements and software entities they use in their applications. The result often is hidden dependencies that […]
The Shopify Breach: Why Authz Exploits Slip by Most Security Defenses
What Happened: As part of a bug bounty, the security researcher Uzsunny found a critical vulnerability on the Shopify platform. The vulnerability allowed the attacker to assign himself as a “collaborator” to any store on Shopify without approval from the store’s manager. Collaborators have full access to perform any action on the store, including reading […]
Why Was Facebook Vulnerable to an Authentication Exploit?
What Happened: As part of a bug bounty program, the AppSecure cybersecurity research team found a vulnerability in the authentication mechanism of Facebook. It gave them the ability to potentially gain full control of the social media giant’s more than 1 billion users. The team won a $15,000 bounty for its discovery. This vulnerability was […]
The Uber API Authorization Vulnerability
What Happened: In September 2019, a critical bug was discovered in the Uber API, which allows merchants, service providers and others to offer ride-sharing services to customers. Uber had exposed a vulnerable application programming interface (API) endpoint that allowed attackers to steal valuable data, including personally identifiable information (PII) records and authentication tokens of riders and drivers. The leaked […]
Web Application Firewalls Aren’t Protecting Cloud-Native Apps
Your web application firewall (WAF) is humming at the edges of your network, faithfully blocking malicious attacks before they can do any harm. Better yet, it’s a next-generation WAF (NG-WAF). It consists of signatures, rules, and a sprinkle of machine learning to protect your applications (and user data) from harm. You’ve got it covered, correct? […]
The New Norm for Modern Apps: Security Observability
Observability has burst onto the scene across all types of operational and security-focused activities. The need for it is being driven by increased demands for businesses to be more responsive to changes and more proactive when dealing with potential problems. In particular, security observability holds the promise to help reduce the time to detect a cyberattack. And […]
TraceAI: Machine Learning Driven App and API Security
API security: Modern applications are mobile first and are built around cloud-native distributed microservices architectures. These architectures have become the basic building blocks for complex and reliable distributed web and mobile applications. Many of these distributed APIs expose the business logic directly over the web; hence the attack surface and attack vectors are very different […]
Safeguarding Composable Architecture Applications Based on API-enabled Components
The use of composable methodologies for application development is growing rapidly. The reason: It offers many benefits that speed the development process and opens up application creation to developers of all skill levels. However, the speed and ease-of-use benefits, via the reuse of pre-built components, can introduce new security risks that traditional security management solutions […]










