Weaknesses of signature-based API protection
Web Application Firewalls (WAFs) are widely used to protect websites and APIs against various attacks, such as SQL injection (SQLi) and cross-site scripting (XSS).
No Zero Trust Network without strong authentication
A “Zero Trust” cybersecurity model has been one of the most important innovations in organizational risk management in recent years. It constitutes a fundamental shift in mitigating risk, but one that is still not widely adopted or even understood.
The role of APIs in Open Banking initiatives
The practice of securely sharing financial data, subject to customer consent, through banking APIs gave birth to hundreds of new applications that were previously unavailable.
API and cloud security in times of cyberwar
The Russian-Ukrainian war has already offered numerous lessons for those working in cybersecurity, but as time goes on, more and more seemingly minor yet, in the long run, very important issues must also be addressed, such as API and cloud security.
API security: There is nothing new under the sun
There is really nothing new under the sun: APIs are secured by exactly the same precautions as anything else you publish on the internet.
Trusted Types: A world without XSS
XSS, or cross-site scripting, is one of the most widespread security problems today, as confirmed by statistics from bug-hunting companies such as HackerOne.
Wars and Cyber Warfare in the Age of APIs
A new chapter in the security of our world opened on 24 February 2022. APIs are expected to be the most attacked interfaces in 2022.
API security and online fraud? What is the connection?
According to Europol, online fraud is one of the major cyberthreats we face. One of the effective tools against it is content analysis of API traffic.
The growing costs of fraud
The infographic gives insight into the global trends concerning fraud and demonstrates why you need to implement fraud prevention measures.
Weakened encryption is a silver bullet - not just for law enforcement agencies, but for cybercriminals
The United Nations is preparing to negotiate a draft of a new convention on cybercrime. Szilárd Pfeiffer has shared his thoughts on data privacy and encryption at an intersessional consultation of the United Nations Office on Drugs and Crime.
New security tools are required in a new era
A new chapter in the security of our world began on 24 February 2022. It's time to prepare your organization against an even stronger wave of cyberattacks.
Industry in the crosshairs of ransomware
Ransomware poses a huge threat not only to individuals but also to companies. Among them, industrial firms stand out, where an IT outage can even bring production to a halt.
The internet is a global village, not a metropolis
Think the internet is large enough to hide from criminals in the hope you won’t be the next victim of a cyber attack? Sadly, this is no longer the case. The internet is a global village, where everyone is your neighbor, and anyone can detect your mistakes and vulnerabilities.
Many organizations underestimate the damage caused by security incidents, which often has a negative effect on the effectiveness of preventive and reactive defensive measures.
Lessons learned from 2021 cyberattacks
What are the key learning points of 2021 from a cybersecurity point of view? Csaba Krasznay, Director of the Cybersecurity Research Institute at the National University of Public Service, shares his thoughts.
How would Zero Trust prevent a Log4Shell attack?
Log4Shell made waves in the not-so-stagnant waters of the IT security industry last December. The post explains how organizations should apply Zero Trust to prevent Log4Shell and similar attacks.
2022: Year of the cyber cataclysm?
A lot of bad cyber-related things happened in 2021. SolarWinds, the Colonial Pipeline, and the Microsoft Exchange and Log4j vulnerabilities, to name but a few. But what does the future hold for us in 2022?
Modern Techniques to Prevent Malware instead of Detecting It
Google lists 12,400,000 results for the search "malware detection tools." Is malware detection a silver bullet, or is there a smarter method to prevent malware attacks? We believe there is one.
Are ransom DDoS attacks coming back?
The emerging threat of ransom DDoS attacks is knocking on the doors, or rather the TCP ports, giving us another example of how cybercriminals are adapting to their victims’ IT infrastructure and cyber defense.
Why is Zero Trust more important than ever before?
In the age of ransomware and supply chain attacks, how can organizations defend themselves? One of the possible answers is Zero Trust.
Zero Trust: Is it anything new?
What are the theories and practices, and why are they so important? Let’s take a look.
The Shadow of Mass Endpoint Surveillance – Is the Network Already Secure?
Government agencies and Big Tech companies want to automatically scan mobile devices to fight against terrorism or child sexual abuse materials. Should we let them do that?
What can we learn from the Coursera API-story?
A number of security vulnerabilities have been found and disclosed in the Coursera online learning platform. Csaba Krasznay summarizes the key learning points of the story.
7 tips to prevent breaches like the SolarWinds hack
Let's learn from the SolarWinds hack!
Balasys TOP10 IT Security Predictions 2021-2023
In the past year, COVID-19 has had a greater impact on work habits and security environments than any other health emergency in history.
Why is API security important?
In the age of digital transformation, fast communication and data exchange between customers, companies and partners takes on a prominent role.
Complement web application firewalls and API management
A Proxedo API Security use case
What's new in Balasys Zorp Gateway 7.0.5
Because of intensive development and background work, we have published less Zorp-related news recently, but development of the Zorp Gateway continues regardless!
Zorp GPL – an open source, cloud-based firewall for Kubernetes
The benefits of Zorp GPL when used as an ingress controller in Kubernetes