Salt launches STEP program to enhance API security for enterprises

Salt Security has launched an initiative to help enterprises significantly reduce risk across their API ecosystem.

The STEP (Salt Technical Ecosystem Partner) program encompasses the integration of AI-driven API security insights into existing workflows and tools within organisations. This integration empowers joint customers to bolster their security posture using the Salt Security API Protection Platform.

Salt has introduced STEP’s inaugural partners, focusing on API...

Cyber Security & Cloud Expo: Examining the 2022 malware landscape

Geopolitical tensions and the largest war in Europe for decades have defined the malware landscape in 2022.

Recorded Future has been capturing global threat information from the internet, dark web, and technical sources for over a decade. The firm combines this vast amount of data with AI and human expertise to spot threats early and provide actionable insights to security professionals.

Toby Wilmington, Manager - Sales Engineering at Recorded Future, provided his...

ShiftLeft: Just 3% of app vulnerabilities are attackable

ShiftLeft, an innovator in automated application security testing, has released its second annual AppSec Progress Report documenting critical trends in application security and how organizations are shifting security left to deal with the ever-rising volume of attacks and disclosed vulnerabilities.

The report covers year-over-year trends and general findings analyzed from millions of scans last year using the ShiftLeft CORE platform across applications running numerous programming...

Five Eyes alliance lists 2021’s top vulnerabilities

A cybersecurity advisory issued by members of the ‘Five Eyes’ intelligence alliance lists the most-exploited vulnerabilities of 2021.

The Five Eyes consists of the US, UK, Canada, Australia, and New Zealand. Over recent weeks, cybersecurity authorities from the normally secretive alliance have issued a number of joint statements amid increasing global threats.

According to the alliance, here were the top 15 “routinely exploited” vulnerabilities in...

Google’s Project Zero found over twice as many exploits in 2021

Project Zero, Google’s in-house team of experts tasked with finding zero-day exploits, reports that it found over twice as many in 2021.

According to the team’s annual report, it found a record 58 zero-day exploits in 2021. That’s over double the 25 it detected in 2020 and the previous record of 28 detected in 2015.

While such a large uptick may cause alarm, Google puts a positive spin on the news.

“We believe the large...

GitHub Advisory Database now accepts community contributions

GitHub is opening its Advisory Database to community contributions to help further secure software supply chains.

One vulnerability can have a devastating “domino effect” on software across the globe. With the use of open-source increasing, so does the threat of a vast amount of software being compromised.

GitHub launched its Advisory Database almost two years ago. As the largest database of vulnerabilities in software dependencies in the world, it’s become an...

Google wants to increase government collaboration to secure open-source

Google says that it wants to increase government collaboration to help secure open-source after participating in a White House summit.

On Thursday, Google participated in the White House Open Source Software Security Summit with the aim of building on its “work with the Administration to strengthen America’s collective cybersecurity through critical areas like open-source software.”

The past year has been particularly bad for open-source security problems, with...

Google wants to ‘advance cybersecurity’ by fixing open-source and increasing training

Google has committed $10 billion over the next five years to “advance cybersecurity” by fixing some of the key problems with open-source and offering more training.

The announcement follows Google’s participation in President Biden’s White House Cyber Security Meeting this week. Leading tech executives including Alphabet CEO Sundar Pichai put their heads together following the increasing prevalence and seriousness of cyberattacks.

Open-source is vital and speeds...

GitHub brings its suite of supply chain security features to Go

Go is receiving a boost from GitHub with the company bringing its supply chain security features to the Google-designed language.

According to GitHut, Go is currently the fourth most-popular language on GitHub. The Go community embraced GitHub and now the company is returning the favour by helping them to discover, report, and prevent security vulnerabilities.

Steve Francia, Product Lead of Go Language at Google, said:

“Go was created, in part, to address the...

Sonatype Lift uses deep code analysis to suggest bug fixes

Sonatype has launched a new deep code analysis platform called Lift which can detect a wide range of bug types.

Lift detects bugs ranging from style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Research from Veracode last year found that open-source libraries cause security flaws in around 70 percent of apps. However, open-source libraries are often critical to projects.

Using a deep code...