Материалы по теме 'owasp top 10' | DevsDay.ru

IT-блоги Материалы по теме 'owasp top 10'

IT-блоги Материалы по теме 'owasp top 10'


Безопасность DZone Security 25 мая 2022 г. 15:24

While website owners consider scalability and high performance to be supreme, the changing threat landscape requires security to be an equally crucial consideration. The first step to securing a vulnerable website is to identify application vulnerabi...... читать далее

technical articles

Безопасность DZone Security 6 мая 2022 г. 15:11

Bob, the software architect, and Alice, the SecDevOps engineer are part of a growing software development start-up company. Here is the conversation between them on developing a new set of microservices. Bob: Did you hear the announcement? The client...... читать далее

devsecops

Безопасность DZone Security 30 апреля 2022 г. 23:51

This week, we have an article on 7 reasons why API security strategies are failing, details on the recent keynote by Werner Vogels at AWS re:Invent on 6 rules for good API design, an article by Cisco on API discovery, and a review of some of the bigg...... читать далее

aws api security inventory api vulnerabilities api strategy breaches

DevOps DZone DevOps 29 апреля 2022 г. 14:06

Vulnerabilities produce enormous reputational and financial risks. As a result, many companies are fascinated by security and desire to build a secure development life cycle (SSDLC). So, today we're going to discuss SAST — one of the SSDLC components...... читать далее

security devops devsecops static analysis sdlc sast vulnerabilites developing ssdlc

Безопасность DZone Security 19 апреля 2022 г. 18:45

So, do you think your APIs are secure? You might want to take another look at your security.... читать далее

security cybersecurity api management api security api gateway api strategy owasp top 10 web application firewall api first

Безопасность DZone Security 15 апреля 2022 г. 21:50

This week, we have details of compromised Google Cloud accounts being used to mine cryptocurrency (mainly with weak or no passwords on API connections), there’s an article on how GraphQL can be used as an API gateway (including security controls), a...... читать далее

training api security graphql api gcp cloud appsec best practices api tooling api tools

Безопасность DZone Security 15 апреля 2022 г. 1:43

APIs are the connective tissue of scalable websites — fundamental to functioning in today’s digital world. But much like the physical world, weaknesses in connections and associated protocols can result in significant, sometimes existential, trouble...... читать далее

integration apis api security api adoption

Безопасность DZone Security 31 марта 2022 г. 21:56

This week, we have a vulnerability in the AWS API gateway that allows a potential cache-poisoning attack, disclosed at the recent BlackHat Europe conference, a guide on how to harden Kubernetes API access, a report from Forbes on the need to take API...... читать далее

api security aws api gateway owasp top 10 api security news kubernetes api

Разработка The GitHub Blog 21 марта 2022 г. 17:41

If there's one habit that can make software more secure, it's probably input validation. Here's how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.... читать далее

Community Security GitHub Security Lab OWASP Top 10 Proactive Controls

Безопасность DZone Security 15 марта 2022 г. 15:30

An Application Programming Interface (API) is a set of protocols that allow software components to interact. The intermediary interface is commonly used for streamlining development by enabling software teams to reuse code. APIs also abstract functio...... читать далее

security cybersecurity api security broken api broken authentication

Безопасность DZone Security 21 февраля 2022 г. 14:06

Introduction The Secure Software Design Lifecycle (SSDL) is the infusion of security with each step of software design, from architecture to end of life. By doing so we protect our customers from threats and reduce our risk and attack surface. There...... читать далее

security sdlc security best practices secure sdlc secure development secure software software lifecycle ssdlc

Разработка The GitHub Blog 17 февраля 2022 г. 18:00

Today we launched new code scanning analysis features powered by machine learning. The experimental analysis finds more of the most common types of vulnerabilities.... читать далее

Product Security code scanning CodeQL machine learning

Безопасность DZone Security 17 февраля 2022 г. 9:37

A cybersecurity incident can cause severe damage to the reputation of the organization and competitive disadvantage in the market, the imposition of penalties, and unwanted legal issues by end-users. On average, the cost of each data breach is USD 3...... читать далее

security devops microservices docker containers cloudnative

Безопасность DZone Security 11 февраля 2022 г. 15:31

How can simple XML files processing turn into a security weakness? How can a blog deployed on your machine cause a data leak? Today we'll find answers to these questions, learn what XXE is and what it looks like. Before we begin, note that there are...... читать далее

.net security tutorial xml c# code quality xxe

Разработка The Cloudflare Blog 26 января 2022 г. 13:59

More than 50% of all traffic processed by Cloudflare is API-based, and it’s growing twice as fast as traditional web traffic. This huge growth is driven by a few industries, and it calls for the development of dedicated security solutions... читать далее

Cloudflare Radar API API Shield Security

Безопасность DZone Security 25 января 2022 г. 9:26

The full form of OWASP is the Open Web Application Security Project. It is a non-profit group that helps a variety of organizations to develop, purchase, and maintain software applications that can be trusted. The educated developers, designers, arch...... читать далее

cyber security

Разработка DZone Web Dev 16 января 2022 г. 15:28

Let's take a look at the list of information sources that can be useful for the C# / .NET developers. Our list includes blogs, repositories with source code, standards and accounts of developers who covers the deep aspects of the C# and .NET. Blogs ...... читать далее

.net dotnet web dev c# csharp

Разработка dou.ua 12 января 2022 г. 10:00

Цю добірку питань, що ставлять кандидатам різних рівнів на технічних співбесідах на позицію QA, склали спільними зусиллями практики. Список — лише орієнтир. Кандидатам радимо пробігтись питаннями та відзначити невідомі слова, погуглити й заодно підви...... читать далее

Безопасность DZone Security 6 января 2022 г. 14:38

The number of web applications and APIs exposed to the internet are growing exponentially. Unsecure web applications and APIs are low-hanging fruit that attackers are targeting to steal sensitive data. In a recent report “State of the Web Security fo...... читать далее

api security web application security cybersecuity web application firewall web app security