Systems | Development | Analytics | API | Testing

Vulnerability

OWASP API Security Top 10: Mitigating Risks with Kong

The Open Web Application Security Project (OWASP for short) is a not-for-profit entity devoted to improving the security of software. Founded in 2001, OWASP is a global organization that supports thousands of volunteers globally to produce freely-available articles, documentation, tutorials, and tooling. OWASP is best known for its "Top 10" lists, which represent a broad consensus about the most critical security risks to web applications.

Vulnerability Scanning & 3rd-Party Modules Certification in N|Solid [8/10] The best APM for Node, layer by layer.

NCM —NodeSource Certified Modules— is the secure, reliable way to take advantage of the massive ecosystem of Node.js packages. Certified modules are compatible with Node LTS and monitored continuously to identify risk over time. Certification guarantees no security vulnerabilities or unverified code in modules or dependencies and is easy to set up and manage. No workflow changes are required.

Supplement API Security Testing with Functional API Testing and Integration Testing

The OWASP API Security Top 10 identifies the top API vulnerabilities that pose the greatest risk to mobile, web and SaaS applications as well as internal, partner and external API programs, highlighting which vulnerabilities must be detected and mitigated promptly. Gartner predicts that APIs that expose private information such as Personally Identifiable Information (PII) will be the most common attack vector in 2022.

What Is Log4Shell? The Log4j Vulnerability Explained

A new vulnerability that impacts devices and applications that use Java has been identified in Log4j, the open-source Apache logging library. Known as Log4Shell, the flaw is the most significant security vulnerability currently on the internet, with a severity score of 10-out-of-10. Fortunately, Perforce static analysis and SAST tools — Helix QAC and Klocwork — can help.

Log4J, Log4Shell and Kong

If you’ve been online at all this week, chances are that you’ve heard about the Log4Shell zero-day (CVE-2021-44228) in Log4J, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target’s machines. I know the first question that you all have is: “Is Kong affected by Log4Shell?” Let’s start with the good news: No Kong products are affected by this Log4J vulnerability.

Rollbar Log4J CVE-2021-44228 ("Log4Shell") Community Update

Your data is safe with Rollbar. A zero day in the Java ecosystem was discovered that could exploit Apache’s Log4J library. The vulnerability can, potentially, impact users of Rollbar’s Java SDK if they selected Log4J for their project. We recommend that all projects that are dependent on Log4J upgrade their dependencies so they require a version at/after 2.16.0.

IP Security Vulnerability Detection

The severity and ingenuity of cyberattacks continues to increase as malicious actors become more proficient, breaking through the software layers and aiming to also compromise hardware like integrated circuits. Relative to software, it is much more difficult to patch security vulnerabilities in ICs – making early identification of IP security weaknesses increasingly important.