Szilárd Pfeiffer: API security: there is nothing new under the sun
With the incredible amount of data flowing through them, the security of APIs is becoming a growing concern in the IT industry. What are the best practices and proven solutions that organizations can follow in order to ensure the security of their APIs? There is really nothing new under the sun: APIs are secured by exactly the same precautions as anything else you publish on the internet.
Gábor Pék: Trusted Types: A world without XSS
XSS, or cross-site scripting, is one of the most widespread security problems today, as confirmed by statistics from bug-hunting companies such as HackerOne. Although our defenses have been significantly strengthened in recent years, this attack vector is still with us. As we move away from server-rendered pages towards SPAs (Single Page Applications), we are being forced to deal with a new type of XSS attack: DOM XSS. Gábor shares the story of the creation of Trusted Types, a new browser-based protection mechanism, and his experience with implementing it in Avatao’s Angular code base. According to a study conducted by Google, the company "has zero DOM XSS among applications migrated to Trusted Types." A great result, to be sure! But is it worth the effort?
Csaba Krasznay: Wars and Cyber Warfare in the Age of APIs
A new chapter in the security of our world opened on 24 February 2022. The term ‘our world’ must also include cyberspace, as the Ukrainian-Russian war has openly demonstrated our dependence on information systems and the vulnerability of this ecosystem. Although the news of the war is still concerned with conventional armed clashes, more and more information is available concerning the activities and tools of the various state and non-state hacker groups. Companies can prepare for the re-emphasis on cyber operations as the battles in physical space subside, with the difference that perhaps less significance will be placed on financial gain and far more on destruction. Most of enterprise IT has already migrated to the cloud and to solutions that exchange data through APIs, which have become widespread. However, the rapid transition has focused on efficiency rather than cybersecurity. It is no coincidence that, according to Gartner, APIs are expected to be the most attacked interfaces in 2022.
API security and online fraud? What is the connection?
According to Europol, online fraud is one of the major cyberthreats we face. One of the effective tools against it is content analysis of API traffic.
The growing costs of fraud
The infographic gives insight into the global trends concerning fraud and demonstrates why you need to implement fraud prevention measures.
Weakened encryption is a silver bullet - not just for law enforcement agencies, but for cybercriminals
The United Nations is preparing to negotiate a draft of a new convention on cybercrime. Szilárd Pfeiffer has shared his thoughts on data privacy and encryption at an intersessional consultation of the United Nations Office on Drugs and Crime.
New security tools are required in a new era
A new chapter in the security of our world began on 24 February 2022. It's time to prepare your organization against an even stronger wave of cyberattacks.
The internet is a global village, not a metropolis
Think the internet is large enough to hide from criminals in the hope you won’t be the next victim of a cyber attack? Sadly, this is no longer the case. The internet is a global village, where everyone is your neighbor, and anyone can detect your mistakes and vulnerabilities.
Lessons learned from 2021 cyberattacks
What are the key learning points of 2021 from a cybersecurity point of view? Csaba Krasznay, Director of Cybersecurity Research Institute at National University of Public Service shares his thoughts.
How would Zero Trust prevent a Log4Shell attack?
Log4Shell made waves in the not-so-stagnant waters of the IT security industry last December. The post explains how organizations should apply Zero Trust to prevent Log4Shell - and similar - attacks.
2022: Year of the cyber cataclysm?
A lot of bad cyber-related things happened in 2021: SolarWinds, the Colonial Pipeline, and the Microsoft Exchange and log4j vulnerabilities, to name but a few. But what does the future hold for us in 2022?
Modern Techniques to Prevent Malware instead of Detecting It
Google lists 12,400,000 results for the search "malware detection tools." Is malware detection a silver bullet, or is there a smarter method to prevent malware attacks? We believe there is one.
Are ransom DDoS attacks coming back?
The emerging threat of ransom DDoS attacks is knocking on the doors, or rather the TCP ports, giving us another example of how cybercriminals are adapting to their victims’ IT infrastructure and cyber defense.
Why is Zero Trust more important than ever before?
In the age of ransomware and supply chain attacks, how can organizations defend themselves? One of the possible answers is Zero Trust.
Zero Trust: Is it anything new?
What are the theories and practices, and why are they so important? Let’s take a look.
The Shadow of Mass Endpoint Surveillance – Is the Network Already Secure?
Government agencies and Big Tech companies want to automatically scan mobile devices to fight against terrorism or child sexual abuse materials. Should we let them do that?
What can we learn from the Coursera API-story?
A number of security vulnerabilities have been found and disclosed in the Coursera online learning platform. Csaba Krasznay summarizes the key learning points of the story.
What’s new in Balasys Proxedo Network Security 1.0.5
Key new features that have been added to the product since the 1.0 release
7 tips to prevent breaches like the SolarWinds hack
Let's learn from the SolarWinds hack!
Balasys TOP10 IT Security Predictions 2021-2023
In the past year, COVID-19 has had a greater impact on work habits and security environments than any other health emergency in history.
Complement web application firewalls and API management
A Proxedo API Security use case
Zorp GPL – an open source, cloud-based firewall for Kubernetes
The benefits of Zorp GPL when used as an ingress controller in Kubernetes
Why do you need API security?
Major concerns around the security of API traffic, and an introduction to a potential solution.