Why is Post-Quantum Cryptography so Important?

If you follow IT and cybersecurity news, you’ll be familiar with mentions of quantum computing, usually followed by something about post-quantum cryptography. In fact, just recently, NIST announced the formal approval of the first set of PQC standards, which will doubtless fuel more quantum apocalypse predictions in the news. Let’s take a very high-level look

The Requirement for Application Security Testing According to the DORA Framework

The Digital Operational Resilience Act (DORA) is a European cybersecurity framework that was enacted in December 2022 and will be enforced starting in 2025. While created specifically to ensure the resilience of the European Union’s financial systems and institutions in the face of cyberattacks and other incidents involving ICT (information and communication technology), DORA applies

Discussing APIs with Frank Catucci and Dan Murphy

What’s with all the buzz around API security? It’s becoming the top concern in application security as everyone is looking for faster and more reliable ways to secure their ever-growing API ecosystem. In Postman’s 2023 State of the API Report, 92% of respondents said they planned to increase their investments in APIs through 2024, which

Exploration and Evaluation of Security Risks in Your APIs and Applications

Rock and roll. Food and drink. Web application security and API security. Some things are just better together, especially when keeping them separate means inefficiencies, costs, and increased risk. But while nobody has problems combining food and drink, putting API and application security on the same table has been a challenge—until now. With its API

The Ineffectiveness of Filtering in Preventing Cross-Site Scripting

XSS filter evasion covers many hundreds of methods that attackers can use to bypass cross-site scripting (XSS) filters. A successful attack requires both an XSS vulnerability and a way to inject malicious JavaScript into web page code executed by the client to exploit that vulnerability. The idea of XSS filtering is to prevent attacks by

When Your CDN Turns Against You: What Steps to Take

What you need to know: On June 25, 2024, the cdn.polyfill.io domain started injecting malware into the popular polyfill.js library, estimated to be used by over 100,000 sites. On June 26, Cloudflare started automatically rewriting requests to cdn.polyfill.io and serving up their safe mirrored copy of the library. As of June 27, Invicti products include

5 Ways to Protect Against XSS Attacks

JavaScript has evolved significantly from its early days of being lightly sprinkled on static HTML web pages to add dynamism. It now plays a crucial role in modern web applications, making cross-site scripting (XSS) a common security vulnerability with significant impact if exploited successfully. From providing client-side functionality to running across the entire application stack,

Generative AI Security: Insights from the OWASP Top 10 for LLM Applications

The Open Web Application Security Project (OWASP) has compiled the Top 10 for LLM applications as another list-style awareness document to provide a systematic overview of the application security risks, this time in the rapidly growing realm of generative AI. While everyone is aware of some of the risks related to large language models (LLMs),

Understanding the differences between Application Security and Development Security Operations

You may have seen, especially on social media, many “expert” opinions on cybersecurity that freely mix and match seemingly unrelated terms. In the field of application security specifically, you will see people asking about things like the difference between AppSec and DevSecOps—a really strange thing to ask until you realize that in some contexts, people
