research and report | The Blog Pros

April 11, 2022

API Security Weekly: Issue 161

This week, we have details of a vulnerability in the AI platform Wipro Holmes Orchestrator, allowing the download of arbitrary files via path manipulation. There's also a new report from researcher Alissa Knight on vulnerabilities in banking, cryptocurrency exchange, and FinTech APIs; an article on the impact of a shift-left approach for API security; and 31 tips for improving API security.

Vulnerability: Arbitrary File Download in Wipro Holmes Orchestrator

This week saw the disclosure of a vulnerability that affected the AI platform Wipro Holmes Orchestrator, as detailed in this disclosure and tracked as CVE-2021-38146.

October 15, 2021

Live From INTERACT: Microsoft’s Developer Velocity Research

This week we have another episode from the 2021 engineering leadership conference INTERACT. In this live conversation I interview Henrik Gütle, GM of Azure for Microsoft Canada.

Henrik joins the podcast to break down the results and key takeaways of Microsoft’s research into the impact of remote work on developer velocity - and what engineering leaders can learn from it.

Packages for Store Routines in MariaDB 11.4
No categories
MariaDB 11.4 introduced many advanced features. One that grabbed my attention is the general support of packages for stored routines. Although this was previously available by activating the Oracle compatibility mode, now the feature is available gener... […]
Maintain Chat History in Generative AI Apps With Valkey
No categories
A while back I wrote up a blog post on how to use Redis as a chat history component with LangChain. Since LangChain already had Redis chat history available as a component, it was quite convenient to write a client application. But, that's not the same... […]
Knowledge Graph Enlightenment, AI, and RAG
No categories
In the previous edition of the YotG newsletter, the wave of Generative AI hype was probably at its all-time high. Today, while Generative AI is still talked about and trialed, the hype is subsiding. Skepticism is settling in, and for good reason. Repor... […]
Building an Effective Zero Trust Security Strategy for End-To-End Cyber Risk Management
No categories
You've probably heard a lot about zero-trust security lately, and for good reason. As we move more of our applications and data to the cloud, the traditional castle-and-moat approach to security just doesn't cut it anymore. This makes me come... […]
Phased Approach to Data Warehouse Modernization
No categories
A modernized database will help you focus on building innovative solutions rather than investing your time and effort in managing these legacy systems. Based on the scale of your existing data warehouse processes or jobs, it can be an enormous task to ... […]