Articles on the topic 'owasp' | DevsDay.ru

IT blogs: Articles on the topic 'owasp'


Security DZone Security May 25, 2022, 15:24

While website owners consider scalability and high performance to be supreme, the changing threat landscape requires security to be an equally crucial consideration. The first step to securing a vulnerable website is to identify application vulnerabi...

technical articles

Security DZone Security May 11, 2022, 14:52

Storing passwords can be a nuance due to the liability of them being compromised. To make matters worse, users tend to reuse passwords across services which makes storing them securely even more important. The aim behind storing passwords securely is...

security opensource authorization login authenciation jwt token json web tokens

Development The GitHub Blog May 6, 2022, 15:52

We're taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.

Product Security code scanning Dependabot GitHub Security Lab

Security DZone Security May 6, 2022, 15:11

Bob, the software architect, and Alice, the SecDevOps engineer are part of a growing software development start-up company. Here is the conversation between them on developing a new set of microservices. Bob: Did you hear the announcement? The client...

devsecops

Security DZone Security April 30, 2022, 23:51

This week, we have an article on 7 reasons why API security strategies are failing, details on the recent keynote by Werner Vogels at AWS re:Invent on 6 rules for good API design, an article by Cisco on API discovery, and a review of some of the bigg...

aws api security inventory api vulnerabilities api strategy breaches

DevOps DZone DevOps April 29, 2022, 14:06

Vulnerabilities produce enormous reputational and financial risks. As a result, many companies are fascinated by security and desire to build a secure development life cycle (SSDLC). So, today we're going to discuss SAST — one of the SSDLC components...

security devops devsecops static analysis sdlc sast vulnerabilites developing ssdlc

Security DZone Security April 19, 2022, 18:45

So, do you think your APIs are secure? You might want to take another look at your security.

security cybersecurity api management api security api gateway api strategy owasp top 10 web application firewall api first

Security DZone Security April 15, 2022, 21:50

This week, we have details of compromised Google Cloud accounts being used to mine cryptocurrency (mainly with weak or no passwords on API connections), there’s an article on how GraphQL can be used as an API gateway (including security controls), a...

training api security graphql api gcp cloud appsec best practices api tooling api tools

Security DZone Security April 15, 2022, 1:43

APIs are the connective tissue of scalable websites — fundamental to functioning in today’s digital world. But much like the physical world, weaknesses in connections and associated protocols can result in significant, sometimes existential, trouble...

integration apis api security api adoption

Development habr.com April 14, 2022, 9:43

We often hear phrases in the news such as "Hackers attacked", "Hackers broke in", "Hackers stole" and the like. According to legaljobs, hackers carry out 1 attack on the web every 32 seconds. According to forecasts by cybercrime magazine, the damage from cybercrime by 2025 will...

SimbirSoft company blog Information security JavaScript Website development Programming tags web development information security frontend javascript

Security DZone Security April 4, 2022, 20:31

The SolarWinds hack in December of 2020 is considered one of the largest and most sophisticated attacks known to date. The attack, which exposed the data of over 30,000 public and private organizations, was used as a springboard to compromise a raft...

security ai cybersecurity podcast ml design principles cybersecurity tips ai in cybersecurity ml in cybersecurity

Security DZone Security March 31, 2022, 21:56

This week, we have a vulnerability in the AWS API gateway that allows a potential cache-poisoning attack, disclosed at the recent BlackHat Europe conference, a guide on how to harden Kubernetes API access, a report from Forbes on the need to take API...

api security aws api gateway owasp top 10 api security news kubernetes api

Development The Cloudflare Blog March 31, 2022, 15:13

Cloudflare Managed Ruleset updates for the recent vulnerabilities affecting the Java Spring framework and related software components

WAF Security CVE

Development habr.com March 31, 2022, 6:01

Part 1. How to write your code without errors. Today it is hard to imagine any line of business that does not use information technology. Not only in banking, but also in industry, transport, agriculture...

Information security Programming SDLC SSDLC Owasp SAMM Agile development security devsecops

Development The GitHub Blog March 21, 2022, 17:41

If there's one habit that can make software more secure, it's probably input validation. Here's how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.

Community Security GitHub Security Lab OWASP Top 10 Proactive Controls

Security DZone Security March 15, 2022, 15:30

An Application Programming Interface (API) is a set of protocols that allow software components to interact. The intermediary interface is commonly used for streamlining development by enabling software teams to reuse code. APIs also abstract functio...

security cybersecurity api security broken api broken authentication

Development The Cloudflare Blog March 15, 2022, 12:59

We are excited to provide our new Cloudflare Web Application Firewall, with a Free Managed Ruleset to all Cloudflare users

Security Week WAF Managed Rules Free

Development The Cloudflare Blog March 15, 2022, 12:59

Today, we’re excited to give our SaaS providers new tools that will help them enhance the security of their customers’ applications

Security Week SaaS SaaS Security

Development The Cloudflare Blog March 15, 2022, 12:59

Today we are excited to complement managed rulesets (such as OWASP and Cloudflare Managed) with a new tool aimed at identifying bypasses and malicious payloads without human involvement, and before they are exploited

Security Week WAF Machine Learning

Development The Cloudflare Blog March 15, 2022, 12:59

The security landscape is moving fast. We invited users to help us shape a new WAF experience that enables us to evolve WAF to meet their demands and use cases

Security Week WAF Firewall Security User Research Product Design Design