RSA Conference’s Post

Developers are critical to securing apps, both in production and pre-production. Shift-left is increasing their burden. Learn how to unburden developers.

A critical pre-authentication remote code execution (RCE) security vulnerability in Apache OFBiz could open organizations to data theft, lateral movement by threat actors into various applications and parts of their networks, and more. #apache #vulnerability #exploit #RCE #infosec #devsecops

#Vulnerability #AccessRightsManager Hard-Coded Credentials (CVE-2024-23473), RCE (CVE-2024-28075) Flaws Patched in SolarWinds ARM

🚨 High risk vulnerability in open-webui v0.3.8! An improper privilege management vulnerability exists in the API endpoints, allowing lower-privileged users to access and overwrite files managed by admins. This compromises the integrity and availability of the system. Stay safe and update your systems! #openwebui #vulnerability #owasp #APIsecurity https://lnkd.in/e_jhn4fG

🔥 Last week, we announced Rad Security! The goal of the RAD security standard is to reverse the balance of power in software supply chain security. If development teams can compare a verified, clean runtime fingerprint against the same image running in their environment, they have a real chance in defending against the next zero day attack! ☠ Sign up for early access here: https://lnkd.in/e7-F3Zad #zeroday #runtime # #softwaresupplychainsecurity

Accelerating application development has security tech debt ballooning out of control. Here's how to burn it down (and keep it down) while advancing your application security program maturity: 🔥⬇ https://lnkd.in/gFTHQk-i #securitydebt #burndowntechdebt #appsecmaturity

🎯 Top 10 API security Issues : 1. Broken object level authorization 2. Broken authentication 3. Broken object property level authorization 4. Unrestricted resource consumption 5. Broken function level authorization 6. Access to sensitive business flows 7. Server side request forgery 8. Security misconfiguration 9. Improper inventory management 10. Unsafe consumption of APIs #bugbountytips #hack #redteam #Hunter

😬 Adversaries are getting creative and traditional security controls are no longer enough. In our upcoming webcast, Adversaries are Doing Stranger Things, Brian Almond will explore the unconventional tactics adversaries use to bypass defenses. From novel C2 methods to repurposed developer tools, join us and learn how to to identify and counteract these tactics. 👉 Register now: https://lnkd.in/e4XCbbeB #ThreatHunting #OffensiveOps #Infosec

https://lnkd.in/ec5rE5x3 #Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

Fast-track your Kubernetes FedRAMP journey! Buoyant Enterprise for Linkerd provides drop-in application encryption for Kuberentes that meets FIPS 140-2 and FIPS-140-3 standards. Our FIPS-compliant service mesh provides instant encryption for data in transit for any Kubernetes application, based on mutual TLS and using FIPS-certified encryption libraries. #ServiceMesh #Kubernetes #FIPS #FedRAMP