Download this next:

6 key criteria for developer-first secrets scanning solutions

Hardcoding secrets enables developers to seamlessly access or authenticate the services needed to build and deploy applications. But those secrets, if not stored securely, present a huge risk.

This checklist presents 6 key criteria that you should use when evaluating a potential secrets-scanning solution, including:

  • Scans both application code and infrastructure as code files
  • Developer-Friendly Integrations
  • A Multidimensional Approach to Secrets Scanning
  • And 3 more

Download now to learn more.

These are also closely related to: "Broken Access Controls"

  • BadUSB 2.0: Exploring USB man-in-the-middle attacks

    The uses and capabilities of rogue USB hardware implants for use in cyber espionage activities are still very much an unknown quantity. Security professionals would benefit from tools capable of exploring the threat landscape while increasing awareness and countermeasures.

    BadUSB 2.0 or BadUSB2 is an investigative tool capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation devices and earlier BadUSB hardware implants, thus providing an insight into how these attacks may be prevented.

    Furthermore, BadUSB2 is able to evaluate new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquire an interactive command shell over USB. 

  • Toughening up web and mobile application security

    In recent years, organisations with highly integrated web applications and mobile apps have been able to ride the economic upheaval caused by the pandemic better than those with a less sophisticated online presence.

    While web applications enabled many organisations to remain operational during the pandemic, they also reinforced the need for strong app security in order to avoid cyber threats and malicious actors who wish to penetrate corporate networks.

    The reality is that web applications present too easy a vulnerability point because of what different teams do - and don’t do. In this e-guide, read more about the best practices for web application security, how to balance app innovation with app security, why API security needs to be part of your defence strategy, and what the top tools are to keep your applications safe.

Find more content like what you just read:

  • Strategies for successfully managing privileged accounts

    One of the most important aspects of an identity security program is the management and governance of the accounts belonging to superusers — privileged accounts.

  • Powerful DDoS attacks leveraging IoT

    A series of potent, record-setting DDoS attacks hit several targets in 2016 using IoT malware to infect and leverage a large number of internet-connected devices. Inside this guide, experts reveal 11 key takeaways for this type of attack and real-world examples of companies suffering from the aftermath, including Dyn.

  • Sandnet++ – A framework for analysing and visualising network traffic from malware

    This article in our Royal Holloway Security Series looks at Sandnet++, a framework for analysing and visualising network traffic from malware.

  • DevSecOps delivers better business

    Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it's time for you to find out how and why.

  • Zero Trust at Scale: A Look Inside Cisco’s Zero Trust Integration Model

    In this guide, you will learn why Cisco invested in Zero Trust when remote work initially gained a foothold, how Cisco Zero Trust facilitates stakeholder engagement and buy-in, and more.

  • Combine passwordless and adaptive authentication

    Most passwords are insecure, either being too easy to guess or too readily shared. But what if your organization didn’t need passwords? Download this e-book to learn how a passwordless authentication platform works and see how it could reduce cyber risk in your organization.

  • Securing software resellers & small businesses

    With limited resources, resellers and other small businesses are by no means immune and are in fact uniquely at risk of serious cyberattacks. Download this white paper to unlock 5 key best practices you can use to secure your organization.

  • Improved security and user experience with the Enterprise Browser

    Web browsers are designed to run third-party code directly on the endpoint. Many organizations use remote browser isolation (RBI) solutions to provide gateway infrastructure. Island saw the promise in these solutions, and decided to take them a step further, introducing them natively into their Enterprise Browser solution. Read on to learn more.

  • Securing CI/CD Pipelines & Key Access Management

    Securing CI/CD pipelines is critical to protect software development from hackers. This research discusses risks, vulnerabilities, and the importance of privileged access management. Implement robust authentication, least privilege access, and continuous monitoring to safeguard your CI/CD pipeline. Read the full research to learn more.

  • Application security: best practices and risks

    Security professionals need to anticipate vulnerabilities from all the right perspectives, and that means testing apps for flaws on a regular basis, whether that means monthly, quarterly or following updates. Check out this e-guide, which includes application security best practices, threat identification and security testing tips.

  • 2024 security report: Predictions from 3 CISOs

    In this 103-page research report by Check Point Software Technologies, access 2024 cybersecurity predictions, a timeline of cyber events in 2023, and much more.

  • Incident Response Report 2022

    Digital transformation, as well as the growing sophistication of cyberattacks, has made cybersecurity a key concern for everyone in every part of a company. In this report, analysts investigate cyber-incidents from across the previous year, combining various metrics to provide insight into the modern threat landscape. Read on to learn more.

  • AWS Differences between Active and Passive IAST and how to get the best of both worlds

    Interactive Application Security Testing (IAST) is a relatively new technology that has caused a lot of confusion for not being clearly explained. This article sets out to clear the air. It will explain: What is IAST? What’s the difference between Active IAST and Passive IAST? Which approach is better for you? Access the paper here.

  • A guide to continuous software delivery

    Software empowers business strategy. In this e-guide we explore how to deliver new software-powered functionality for continuous business improvement.

  • 22-point checklist for Active Directory security

    Because of Active Directory’s key role in Windows-based environments, it exists as a major target for threat actors. So, how can you level up your Active Directory security in the face of proliferating cyberattacks? Unlock guidance in this 22-point checklist.

  • Best practices for multi-factor authentication

    Threat actors have taken advantage of hybrid work structures, ramping up social engineering initiatives with a distinct emphasis on phishing. This white paper is designed to provide best practices for fully leveraging the promise of multi-factor authentication (MFA), including upgrading to passwordless authentication. Read on to learn more.

  • Multi-Factor Authentication Deployment Guide

    Multi-factor authentication has become a global best practice for application developers to secure access to their applications. Download this eGuide and learn how a modern, automated approach to MFA can help organizations control access, safely automate recovery, and dramatically reduce the risk of data breaches.

  • Cybersecurity in hospitality: 2023 insights

    Because of the sheer amount of sensitive data that hospitality organizations maintain, a data breach can cause major reputational damage. This report delves into the hospitality industry’s unique cybersecurity threat profile. Read on to learn about boosting your company’s security stance.

  • Analysis of the CVE-2021-2035 vulnerability in RDBMS scheduler

    This white paper analyzes CVE-2021-2035 in Oracle Database's Scheduler. It discusses the attack surface, needed privileges, and defense strategies like limiting scheduler access, setting up SQLNet, and encrypting credentials. Discover how to protect your Oracle Database by reading the complete paper.

  • Two-factor vs. multifactor authentication: Which is better?

    Two-factor authentication vs. multifactor authentication: Which is better? Access this e-guide to compare the two methods of authentication, and find out whether one is favored for securing cloud credentials.

  • Breaking down ransomware threats: Guidance for defense

    To help you build up your defenses against ransomware, this 5-page guide breaks down common types of attacks and explores how you can prevent them. Continue on to unlock the full security insights.

  • Cyber insurance checklist: Assess your preparedness

    With this comprehensive checklist, you can assess your cyber insurance readiness. The checklist can help you evaluate your risk management, asset protection, and incident response capabilities – and much more. Read on to identify vulnerabilities and improve your security posture before applying for cyber insurance.

  • Defending web applications with web app firewalls (WAFs)

    Web application attacks are a leading cause of security incidents and data breaches, according to the Verizon Data Breach and Investigations report. This For Dummies e-book provides an overview of web application firewalls (WAFs), which can prevent attacks against your web applications. Read on to learn more.

  • Healthcare Organizations: Actionable Cybersecurity Insights

    In 2022, over 28.5 million healthcare records were breached, according to the U.S. Department of Health and Human Services. So, how can today’s healthcare organizations protect their records and defend against advanced threats? To unlock actionable insights, dig into this 46-page report.

  • Securing Remote Access

    As the network perimeter is now everywhere and anywhere users are, security must move with it and needs to be in place at the point of access. Download this e-book to learn how you can secure remote access and build user trust.

  • Controlling and Managing Privileged Access

    Download this report to learn the risks associated with privileged access and how solutions from One Identity mitigate those risks with granular access control and accountability.

  • Top Cybersecurity Threat Detections With Splunk and MITRE ATT&CK

    Organizations can combat cyber threats by aligning MITRE ATT&CK with Splunk’s Analytic Stories. The guide details tactics like reconnaissance and lateral movement, offering Splunk searches and playbooks for detection. Teams can then investigate and remediate. Access the full paper for pre-built detections and enhanced defense insights.

  • How Workforce Identity Can Power Security

    Identity is the only technology integrated across your entire IT and security stack, from devices and on-prem applications to cloud apps and workloads. Download this eGuide and learn how an Identity-powered approach to security protects your workers, resources, and their innovation and productivity.

  • Top 10 CI/CD security risks you can't ignore

    Pipelines open new attack surfaces if not secured properly. In this 42-page eBook, learn key strategies to lock down your CI/CD environments and processes to avoid data breaches, compromised infrastructure, and failed audits.

  • Royal Holloway: Attack mapping for the internet of things

    The introduction of each internet-connected device to a home network increases the risk of cyber attack. This article in our Royal Holloway security series presents a practical model for investigating the security of a home network to evaluate and track what pathways an attacker may use to compromise it.

  • 2024 threat landscape: 36-page report

    Ransom demands are increasing 20% year-over-year, “Arctic Wolf Labs Threat Report 2024” finds, rising to a staggering $600,000 USD. How can you defend your business against that dangerous trend? And what other threats should you watch out for in the cyber landscape? Dig into the report to unlock insights.

  • Explore the technical details of passkeys - a passwordless future

    Passkeys are a new FIDO-based authentication standard that enables faster, easier, and more secure sign-up and sign-in experiences. This white paper explains how passkeys work, the technical flows involved, and implementation considerations for developers. Read the full white paper to learn more.

  • Synced passkeys: Big leap towards passwordless login

    Synced passkeys are a significant step towards a passwordless world, offering increased security and convenience over traditional passwords. Learn how passkeys work and explore different implementation approaches in this comprehensive white paper.

  • Is your infrastructure orchestration platform secure?

    Because infrastructure orchestration platforms have access to data and configurations throughout a network, organizations must ensure that these platforms are secure. To learn about four key security components of such a platform, take a look through this overview.

  • The state of identity based threats

    Cyber threats are escalating as criminals employ advanced tactics to breach security. The Aberdeen report investigates the rise of identity-based threats, including MFA attacks, and offers security enhancement recommendations. Discover how to secure your organization against identity threats in the full Analyst Report.

  • A Computer Weekly buyer's guide to supply chain security

    Organisations are increasingly taking the initiative when it comes to firming up their supply chain security. In this 15-page buyer's guide, Computer Weekly looks at data's role in enabling faster response times, the challenges firms face in increasing their cyber resilience and how the role of the IT security leader has evolved.

  • Access Management Buyer's Guide

    The modern workforce is rapidly becoming more mobile and hyperconnected, and attackers are taking note. But with attackers constantly innovating and finding new ways to bypass weaker multifactor authentication (MFA) implementations, how can you authorize users and devices without putting the network at risk?

  • IAM: Managing identity remains key to cyber security

    IT and regulatory environments are changing rapidly, driven by the EU's GDPR and a digital transformation that is seeing accelerated adoption of cloud and IoT-based technologies. While identity remains key to cyber security, organisations need to reassess and adapt their identity and access management (IAM) strategies accordingly.

  • A Computer Weekly buyer's guide to secure and agile app development

    As apps become increasingly integral to business operations, the importance of keeping them secure can never be overstated. In this 15-page buyer's guide, Computer Weekly looks at how firms can protect apps from ransomware, why app creation needs to happen at pace, and how to get the right balance between security and coding.

  • The Ultimate Guide to Ransomware and Cybersecurity Planning

    Read through this comprehensive e-guide for everything you need to know about cybersecurity planning for ransomware: types of attacks, common attack vectors, prevention methods and tools, best practices for recovery, and more.

  • A Computer Weekly buyer's guide to continuous integration and continuous deployment

    Continuous integration and continuous deployment offer a variety of advantages for software developers. In this 13-page buyer's guide, Computer Weekly looks at what changes are in its pipeline, assesses the cultural changes it brings and how it can deliver results at speed.

  • Two-Factor Authentication Evaluation Guide

    In this guide, you will learn how to evaluate a solution based on security impact, strategic business initiatives, total cost of ownership, and resources required. Read on to learn more.

  • Securing Access to Critical IT Resources

    Read this comprehensive overview of the Privileged Access Management (PAM) market including vendor capabilities, product ratings and market leadership analysis from KuppingerCole. Discover leading PAM solutions to help secure privileged access across endpoints, servers, applications and cloud.

  • Penetration testing; Find vulnerabilities before hackers can

    Every new technology introduced to your organization adds further complexity to the attack surface. Bitdefender offers customized Red Team Exercises that simulate real-life threat actors to identify vulnerabilities so that your security teams can resolve them before real hackers can exploit them. Read on to learn more.

  • Automated tools for the new EU Cyber Resilience Act

    With the Cyber Resilience Act (CRA) beginning implementation in 2024, organizations must be ready to meet the new requirements. Learn about the Cybellum Product Security Platform, a leading product cybersecurity assessment and management platform that provides comprehensive support for meeting CRA requirements, in this white paper.

  • A Six-Step Plan for Stopping Payment Redirection, Supplier Invoicing Fraud and Gift Card Scams

    You’re familiar with the costs of a business email compromise (BEC) attack, whether it’s been your organization on the receiving end or another company. So, you know that these attacks are costly—but do you know why they’re so successful? Find out why in this e-book.

  • Manage privileged access to protect your organization

    This e-book provides a practical understanding of Privileged Access Management (PAM) - what privileged accounts are, where they reside, and how to protect them from cybercriminals. Learn how to secure remote access and build user trust. Download the full e-book to learn more.
