Search the Community

There's more to open source risk than CVEs! The post Quick Guide to the OWASP OSS Risk Top 10 appeared first on Mend. The post Quick Guide to the OWASP OSS Risk Top 10 appeared first on Security Boulevard. View the full article

An overview of the top vulnerabilities affecting large language model (LLM) applications. The post OWASP Top 10 for LLM Applications: A Quick Guide appeared first on Mend. The post OWASP Top 10 for LLM Applications: A Quick Guide appeared first on Security Boulevard. View the full article

This post was co-authored by Henry Yan, Product Marketing Manager. Increased cloud adoption and the shift to hybrid work has resulted in increased usage of digital assets. While moving web applications and APIs to the cloud provides many advantages for organizations, including transforming business models and enhancing the customer experience, it also presents new security challenges. We have seen that attackers come up with new sophisticated attack patterns and we see new vulnerabilities (for example, Log4J, SpringShell, and Text4Shell) emerging constantly. Vulnerabilities in these applications could lead to breaches and allow cybercriminals to gain access to valuable and sensitive data. At Microsoft, we are committed to making Microsoft Azure the most secure and trusted cloud for all workloads. We are continuously innovating and seeking ways to enhance our products to help our customers protect against evolving threats. This includes supporting organizations and communities that share a common commitment as ours. We are pleased to announce the sponsorship for the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set (CRS) project. We value the contributions of the CRS community and are looking forward to contributing to the success of the community and OWASP ModSecurity CRS open source project. Intelligent protection from edge to cloud Azure Web Application Firewall (Azure WAF) is our cloud-native service for protecting your applications and APIs in Azure or anywhere else from web attacks and vulnerabilities. Azure WAF provides built-in managed rules, based off the OWASP ModSecurity CRS, that offer application protection from a wide range of attacks, including the OWASP Top Ten, with minimum false positives. These managed rules provide protection against many common attack categories, including SQL injection, cross site scripting, local file inclusion, and much more. Azure WAF offers Microsoft Managed Rule Sets, proprietary rulesets, which extends the protection of OWASP ModSecurity CRS 3.x, and includes additional proprietary rules and updated signatures developed by the Microsoft Threat Intelligence Center to provide increased security coverage, patches for specific vulnerabilities, and reduced false positive. Azure WAF includes richer set of features including IP reputation, bot protection, rate limiting, IP restriction, and geo-filtering that further strengthens the security posture for your web application and APIs. Native integration with Azure Monitor, Microsoft Sentinel, and Azure Firewall Manager provides ease of management and advanced analytics capabilities to detect and respond to security threats timely. Better together Microsoft has invested heavily in building security-focused products and ensuring security is built into our core technologies. As a gold sponsor for the OWASP ModSecurity CRS project, we are furthering our commitment in contributing to a strong and vibrant security community. We are excited to join efforts to help advance the CRS open source project that serves as a first line of defense for many applications. The collaboration between Microsoft and OWASP CRS teams will help improve signature patterns, reduce false positives, and address critical zero-day vulnerabilities quickly. This is an important step in ensuring we provide the best security possible for all. Read more about this announcement from OWASP ModSecurity CRS project. View the full article

After years of stagnation, the Open Web Application Security Project (OWASP) Top 10 list finally saw some shakeup. Most notably, insecure design debuted on the list as the number four security risk to web applications. “If we genuinely want to ‘move left’ as an industry, it calls for more use of threat modeling, secure design […] The post The Everything-As-Code Revolution and the OWASP Top 10 appeared first on DevOps.com. View the full article

The open web application security project (OWASP) recently updated its top 10 list of the most critical security risks to web applications after four years. It represents the most radical shake-up since the list was introduced in 2003. The changes will undoubtedly have a big impact on how businesses address application security going forward and […] View the full article

With cybersecurity attacks rising, it is important for you to enforce secure software best practices, like OWASP and the OWASP Top 10. OWASP helps you to safeguard your code against software security vulnerabilities. Continue reading to learn why OWASP is important. What You Need to Know About OWASP The Open Web Application Security Project (OWASP) […] View the full article

Open Web Application Security Project (OWASP) is a nonprofit foundation that is dedicated to improving web applications security. The vibrant OWASP community has projects, forums, and events aimed at increasing the members’ security preparedness.View the full article

The tools, languages, platforms, and methods used to build applications have changed drastically over the past decade. Application security practices have to change with them; otherwise, security professionals will be playing constant catch-up with attackers and cybercriminals. What Is the OWASP API Top 10? The increase of microservices and application programming interfaces (APIs) has given […] The post Use the OWASP API Top 10 to Secure Your APIs appeared first on DevOps.com. View the full article