Practical guide to API Security
APIs come in many flavours, including REST, SOAP, GraphQL, gRPC, and WebSockets, and each has its use cases and common vulnerabilities. The issues covered in this guide can occur in any API. Regardless of which technology you have used to implement your API, read on to find out what you [...]
Mitigating Application Security Threats
One of the key reasons for application vulnerabilities is a lack of secure design, development, implementation, and operations. Relying solely on post-development audits for security is inadequate. Instead, security must be an inherent and integral aspect seamlessly integrated into the application's design and development lifecycle. Organizations should incorporate secured application [...]
Application Threat Modeling
Application security is a multilayered approach that requires a combination of technical controls, secure development practices, user awareness, and proactive monitoring. It should be considered at the earliest stage of the software development lifecycle. Threat modelling evaluates information affecting an application's security and organizes it into a structured representation to [...]
Key Stages of Threat Modeling
Security mechanisms such as firewalls and intrusion detection systems may protect the network layer. However, they may not stop or detect application-level threats and vulnerabilities. Threat modelling aims to optimize application security by analyzing potential threats, identifying countermeasures, and reducing fielded vulnerabilities. A good balance between security and [...]
Artificial intelligence risk management
Artificial intelligence (AI) technology fosters the development of machines or applications to perform tasks that usually require humans. While AI is not new, the explosion of massive data collection, affordable high-speed cloud computing, and decreasing data storage and computing costs have brought AI into the epicentre of application development [...]