‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector

API security serves as an excellent entry point into a penetration testing career, as noted by an expert in the field. INTERVIEW: Securing web APIs demands a unique approach compared to traditional web application security, as standard tests often overlook prevalent vulnerabilities. According to API security specialist Corey J Ball, employing methods that are not…

CVSS system criticized for failure to address real-world impact

JFrog advocates for a comprehensive overhaul of vulnerability risk metrics. ANALYSIS Recent research has underscored the weaknesses in the existing CVSS scoring system, pointing out that current metrics might contribute to “overhyping” certain vulnerabilities. The phenomenon of “overinflated” ratings can distract cybersecurity teams, causing them to prioritize issues that may not genuinely impact their organizations…

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption

Jessica Haworth-Elsayed 24 February 2023 at 13:09 UTC Updated: 27 February 2023 at 15:32 UTC Your biweekly summary of Application Security vulnerabilities, emerging hacking methods, and important cybersecurity updates. This week, Twitter has come under fire as Elon Musk’s platform declared that SMS-based two-factor authentication (2FA) will now be exclusive to its paying subscribers. Historically,…

Chromium bug allowed SameSite cookie bypass on Android devices

Ben Dickson 27 February 2023 at 11:50 UTC Recent findings suggest vulnerabilities in cross-site request forgery protections. A recently patched bug in the Chromium project poses a risk for malicious actors, enabling them to bypass a crucial security feature that safeguards sensitive cookies within Android browsers. The SameSite attribute allows developers to control cookie access,…
