Application security

Center of Excellence

Online healthcare app on smartphone screen.

Federal scrutiny of health platforms aims to take hold of the rapid expansion of telemedicine, said one expert. (Adobe Stock Photos)

Health apps on notice: FTC signals more privacy enforcement actions ahead

Jessica DavisMarch 23, 2023

Digital app developers and other companies maintaining consumer data, including health information, should review current privacy practices as the FTC cracks down on violations.

Fake ChatGPT chrome browser extension downloaded 9,000 times

Emerging technology

Malicious ChatGPT Chrome browser extension hijacks Facebook accounts

Menghan XiaoMarch 23, 2023

Criminals created a lookalike version of a popular ChatGPT Chrome browser extension and launched a paid ad campaign for it on Google search driving 9,000 downloads.

DevOps

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl’s Anniversary – ASW #233

March 20, 2023

Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, celebrating 25 years of Curl.

Application security

Decluttering security with effective application scanning tools

Automating Security With Static Analysis – Josh Goldberg – ASW #233

March 20, 2023

Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting ...

DevOps

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309

March 16, 2023

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of ...

Application security

Fewer than 10% of IT organizations fully document their APIs

Steve ZurierMarch 14, 2023

EMA survey says while the vast majority of companies are confident in their security and API strategies, only a small group does the stringent documentation needed in today’s threat environment.

Application security

Invicti Insights: Getting the board on board with cybersecurity

The Rise of the Chief Product Security Officer – Jason Christman – CSP #113

March 14, 2023

Cybersecurity is becoming a #1 business risk for many organizations. For CISOs to effectively manage this risk, proper strategy, adequate resourcing, and leadership support are all essential, but not enough. CISOs need a trusted partner on the supplier side, a product CISO, known within industry as a Chief Product Security Officer, who understand...

Emerging technology

Employees are entering sensitive business data into ChatGPT

Stephen WeigandMarch 13, 2023

Employees may be putting confidential business information at risk by entering sensitive data into ChatGPT. Also, bad actors created a fake ChatGPT Chrome extension to hijack Facebook accounts.

Sponsor Content

DOWNLOAD WHITEPAPER

Health apps on notice: FTC signals more privacy enforcement actions ahead

Malicious ChatGPT Chrome browser extension hijacks Facebook accounts

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl’s Anniversary – ASW #233

Decluttering security with effective application scanning tools

Automating Security With Static Analysis – Josh Goldberg – ASW #233

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309

Fewer than 10% of IT organizations fully document their APIs

Invicti Insights: Getting the board on board with cybersecurity

The Rise of the Chief Product Security Officer – Jason Christman – CSP #113

Employees are entering sensitive business data into ChatGPT

Sponsor Content

Related Events

Generative AI: Understanding the AppSec risks and how DAST can mitigate them

Busting Bots: How to Go Beyond Traditional CAPTCHA With Machine Learning

Dr. DevSecOps: A prescription for alleviating AppSec’s biggest pain points

Perspectives

The way to stop API breaches: reevaluate the company’s cybersecurity stack

Five ways security teams can create continuous security for APIs

Brace for more mobile app security vulnerability discoveries in 2023

Briefs

TikTok’s security, privacy promises dismissed by House committee

New Kimsuky attacks target Gmail messages

Bipartisan Senate legislation boosts authority to ban TikTok, others