Security

veriato

Five ways AI is being used in the cybersecurity industry

At a point in time, smart devices and robotics were common elements in the storyline of futuristic fictional novels. Today, those concepts are the modern norm across the technology industry. Similarly, in cybersecurity, pioneering professionals held on to seemingly far-fetched dreams where logs were easy to analyze, and false positives didn’t exist. While these challenges still exist, artificial intelligence (AI) is making these once far-fetched dreams the new norm in the security industry.

tripwire

When Is a Data Breach a Data Breach?

A data breach remains a common headline in the news cycle. A different company, website or social network reports a security issue almost daily. If it feels like using the internet has become a risky endeavor, the feeling is accurate. But what exactly classifies an event as a data breach? The world wide web is littered with different security gaps and vulnerabilities. But that doesn’t mean they have been exposed or attacked yet.

detectify

Apache Struts Vulnerabilities

Apache Struts is a well-known development framework for Java-based web applications that is mostly used in enterprise environments. If you search for Apache Struts CVEs on MITRE, you currently get 77 results, and most of the critical ones are due to OGNL expression injection, which is very similar to SSTI (Server Side Template Injection) attacks. In this article we will go through the security history of Apache Struts, common Apache Struts security issues and the impact of these vulnerabilities.

Proof of Concept: CVE-2017-9791 Apache Struts OGNL Expression Injection

Object-Graph Navigation Language (OGNL) is an expression language for handling Java objects. When an OGNL expression injection vulnerability is present, it is possible for the attacker to inject OGNL expressions. Many critical Apache Struts CVEs are the result of GNL expression injection. Watch our short attack demo video where we explain Apache Struts OGNL expression injection and how it works.
twistlock

Five Best Practices for API Security

With today’s Web, massive data loads are accessed through APIs. In fact, according to programmableweb.com, there are now more than 10,000 publicly available APIs. Given the foundational role that APIs now play in today’s infrastructure, keeping APIs secure is absolutely critical. In this article, we explain five best practices that organizations can follow to help ensure API security.

cloudpassage

8 ways to achieve agile security

Between 2017 and 2021, worldwide spending on cybersecurity will top $1 trillion, according to predictions from Cybersecurity Ventures. The barrage of cyberattacks on enterprises and new threat vectors within networks due to the move to Infrastructure as a Service (IaaS), or public cloud, makes the need for agile security more important than ever for CIOs and CISOs managing cybersecurity.

tripwire

Is the Private or Public Cloud Right for Your Business?

It wasn’t a very long time ago when cloud computing was a niche field that only the most advanced organizations were dabbling with. Now the cloud is very much the mainstream, and it is rare to find a business that uses IT that doesn’t rely on it for a part of their infrastructure. But if you are going to add cloud services to your company, you will need to choose between the private cloud and the public cloud.