RASP, or Runtime Application Self-Protection, is a modern security technology that protects web applications from attacks during runtime. The technology is an important complement to defense systems that focus on the perimeter, but RASPs also have weaknesses that can introduce their own vulnerabilities. What are RASP’s strengths and weaknesses in protecting against modern security threats? […]
Security Risks With No-Code/Low-Code Tools
As the popularity of no-code and low-code tools grows, so, too, do security concerns. The demand for new applications is growing at a rapid rate. Many individuals and business units will not tolerate delays. As a result, citizen developers are stepping in, some of whom may be sanctioned by the company while essentially operating as […]
Use the OWASP API Top 10 to Secure Your APIs
The tools, languages, platforms, and methods used to build applications have changed drastically over the past decade. Application security practices have to change with them; otherwise, security professionals will be playing constant catch-up with attackers and cybercriminals. What Is the OWASP API Top 10? The increase of microservices and application programming interfaces (APIs) has given […]
Security Observability: Why Tracing?
Detecting a cyberattack can take more than 200 days. During this time, attackers might be exploiting your system while you are completely unaware. Cyberattacks can cost affected organizations as much as $13 million per year. What if we could reduce the time to detect a cyberattack all the way down to zero? How much money […]
Secure Kubernetes Architecture: Six Factors Essential to Success
Kubernetes has become the go-to container orchestration tool for businesses. Check out these telling stats [source: Enterpriser’s Project]: 84% of companies are using containers in production. Of those, 78% are using Kubernetes to manage their containers. 69% of companies have found security holes due to misconfiguration of their Kubernetes environment. Your Kubernetes architecture is like a […]
Web Application Security is not API Security
Do you follow the same procedures to secure a web application as you do an API? Is there a difference between the two? We’ve spoken about API security quite a bit in the past few months because we believe that there are critical differences between API security and traditional web application security. A lack of […]
Modern AppSec and Supply Chain Attacks – Three Challenges
The recent news about the SolarWinds breach has focused on the difficulty and challenges a supply chain attack presents. In the case of what Microsoft is calling “Solorigate,” the attackers modified a DLL deep inside a trusted application, which was then deployed into over 18,000 enterprises and government organizations, where it would then create a live back […]
The Evolution to Cloud-Native Applications and APIs
If you’ve spent any length of time in application development, you’re familiar with change. It’s the only constant. And along with how we build applications come changes in the techniques used to keep them secure. Securing modern applications requires more diligence than ever before. A review of how application development has changed over the past […]








