The Role of WAFs in the DevSecOps Focused World of Modern Application Security

WAFs, or web application firewalls, have been around since the late 1990s, becoming popular in the early 2000s when OWASP formalized its top 10 list of application vulnerabilities. WAFs are designed to monitor and block suspicious HTTP traffic from reaching your web applications. This is typically done based on a series of rules that block…

Read More

Member Spotlight: Pablo Agrio

This month’s member spotlight is Pablo Agrio, vulnerability management lead for SHEIN. Pablo always felt that he had a knack for defense, on the sports field and in debates, pleading his case as a kid, so he looked for a career where he could fuse his interest in IT with his defensive mindset. Knowing he…

Read More

Ransomware, BEC, and Phishing Top Cisco Talos Incident Response Trends Q3 2022 Report

Key Takeaways On October 25, 2022, Cisco Talos Incident Response (CTIR) researchers published their Quarterly Report: Incident Response Trends in Q3 2022. Key findings include: Ransomware was the top threat this quarter, a slight change from last quarter where commodity trojans surpassed ransomware by a narrow margin. Several high-profile ransomware groups appeared in CTIR engagements…

Read More

Application Security Challenges Caused by Cloud APIs

Application programming interfaces (APIs) are essential to the functioning of the cloud. APIs are what allow access to and management of cloud services. They also are frequently used to connect microservices, such as containers, within the cloud. In the last decade, application development has moved away from the creation of one monolithic application in favor…

Read More

Alleged Windows Zero-Day Exploited in the Wild to Bypass Security Warnings via JavaScript Files

Context On October 22, 2022, Bleeping Computer reported the technical details of a new Windows zero-day vulnerability that “allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings.” Bleeping Computer assesses that the zero-day was leveraged by ransomware threat actors to deliver the Magniber ransomware in a recent campaign. Technical Details…

Read More