5 Steps to Strengthen API Security

APIs are the connective tissue of scalable websites — fundamental to functioning in today’s digital world. But much like the physical world, weaknesses in connections and associated protocols can result in significant, sometimes existential, trouble.

A recent instance includes data leaks that stemmed from the misconfiguration of Microsoft Power Apps portals to enable public access. When examining this case, UpGuard found that the type of data varied between portals, and even included personal information that was used for COVID-19 contact tracing and COVID-19 vaccination appointments — as well as Social Security numbers, employee IDs, and millions of email addresses and names. 

Log4Shell: A Case for Trusting Open Source – With Guardrails

Along with a host of frenzied updates and patches, Log4Shell brought something else to the table: intense, renewed scrutiny of “open source” among business leaders and governments. What most of these critics don’t realize is that much of the software powering their success is created by volunteers rather than commercial vendors, and that some of their most critical systems run on open-source software. Furthermore, most critics can’t confidently point to a list of all the open-source software powering their own success.

Similar to the response we’ve seen to major incidents like Heartbleed, Dirty COW, and the Equifax experience with Apache Struts, governmental reviews are underway, and some are seeking to replace the “bad open-source component” – in this case, log4j – with a “more secure alternative.” But there is an important aspect of open source in modern society that is being overlooked in these scenarios – it’s highly trusted.

Strategies and Technologies for Container Security

When adopting any new technology, the ability of that technology to mitigate or reduce security risks should always be on the table. Organizations hesitant to adopt containers are often wary of how their existing processes and paradigms address the challenges of securing containers in production.

For all their benefits, containers effectively represent a new layer in the application stack, one that requires a new way of thinking about application security. In its Application Container Security Guide, NIST points out that as containers revolutionize application deployment, organizations must adapt their security strategies to new, dynamic production environments.