Security

Monitoring Appian with Appian: Orchestrating the Security Toolbox

In our previous blog post covering our in-house Security Orchestration, Automation & Response (SOAR) application, we described the data model for the system and basic features allowing security analysts to review events and trends across Appian’s many security monitoring systems.

Securing your Applications in Node.js - Part 2/3

If you haven’t checked out the first part of Securing your Applications in Node.js, click here. This is a 3-part blog series on Node.js. This article aims to establish a Node.js security roadmap by addressing security challenges comprehensively and consistently for large infrastructures. Let’s begin! 🚀

How to Choose the Best API Management Platform

An API or Application Programming Interface is how two applications communicate with one another; it is also the way users access an application. All websites and applications use some form of API through an API gateway, which serves as an entry point to a service. Unfortunately, over 90% of businesses have suffered from a security problem related to their APIs, making API security a top concern. For this reason and more, many businesses require a dedicated API management platform.

Security Risks On Rails: Misconfiguration and Unsafe Integrations

In the third and final article of our series on the OWASP Top 10 Web Application Security Risks, we’ll explore the lesser-known risks associated with the development of web applications on Rails when it comes to threats involving security misconfiguration, JSON escaping, etc.

Web Security Attacks You Must Know - Part 2

The world is a digital place today. We fulfil most of our work, social and family tasks virtually, using the internet. The technology is now so universal, with so few barriers to entry, that practically anyone can connect to this global grid, no matter their technical skills. However, there is a flip side. Many people lack security awareness and knowledge, which can have drastic impacts on their social and financial life.

Achieving Maximum API Platform Security With Kong

Before exposing your company’s APIs, your highest priority should be to assure the security, governance and reliability of those APIs. To do so, you’ll need to use an API gateway as a single secure entry point for API consumers rather than allowing direct access to APIs. Kong Gateway can help manage the full lifecycle of services and APIs as well as secure and govern the access to those APIs within an API platform.

Secure Code Warrior Integration

Software security breaches pose a major safety and security threats. However, writing high quality, secure code can be a challenge without the right tools and knowledge. Secure Code Warrior is an integrated platform that provides secure coding training and tools that helps shift developer focus from vulnerability reaction to prevention. By using a combination of training courses and tournaments, Secure Code Warrior enables developers to gain the knowledge and skills to fix security vulnerabilities — ensuring they are less likely to be repeated in the future.

Recognizing Organizations Leading the Way in Data Security & Governance

The right set of tools helps businesses utilize data to drive insights and value. But balancing a strong layer of security and governance with easy access to data for all users is no easy task. Retrofitting existing solutions to ever-changing policy and security demands is one option. Another option — a more rewarding one — is to include centralized data management, security, and governance into data projects from the start.

What Is Log4Shell? The Log4j Vulnerability Explained

A new vulnerability that impacts devices and applications that use Java has been identified in Log4j, the open-source Apache logging library. Known as Log4Shell, the flaw is the most significant security vulnerability currently on the internet, with a severity score of 10-out-of-10. Fortunately, Perforce static analysis and SAST tools — Helix QAC and Klocwork — can help.