Category: CSO

APIs now account for 40% of the attack surface for all web-enabled apps. OWASP has identified 10 areas where enterprises can lower that risk.

Jira is just the most recent company to expose its customers via a path traversal vulnerability. This risk is easily avoidable, but developers keep making the same mistake.

Every internet of things security issue will be greatly magnified in a 5G environment. Address these seven areas before you deploy your own.

Cybercriminals follow the money, and you need look no further than Toyota Boshoku’s recent $37 million loss to see why many are turning to BEC scams.

Whether through fraud or legitimate purchase, cybercriminals increasingly depend on mainstream services to support their activities.

Cyber criminals are targeting application programming interfaces to steal sensitive data. Recent exposures and hacks at companies like Venmo, Facebook and Google present lessons to improve API security.

California’s new privacy law, AB 375, might not burden security as much as the GDPR, but details are subject to change.

It’s often difficult to make log files and other data from legacy applications accessible to security information and event management systems. Here are some options for improving visibility.

Low code does not mean low risk. By allowing more people in an enterprise to develop applications, low-code development creates new vulnerabilities and can hide problems from security.

Breaches from attacks that defeat or run around endpoint protection measures are on the rise. Here’s how attackers do it.

The U.S. Global Positioning System, part of a network of global navigation satellite systems (GNSS), is vulnerable to attacks that could disrupt many industries. Here’s how it works and what you can do to mitigate its risk.

New tools and services will help make it easier for enterprises to manage security with Google products as well as with Amazon and in their own private clouds and applications.