Posted on July 25, 2022
The fictional Juice Shop that I set up to demonstrate OWASP Top 10 risks is getting a workout. The Juice Shop app, which I developed on the HyperQube test platform, is designed to be super vulnerable – with “as many holes as Swiss cheese.”
In this next installment, I discuss how to quickly and easily address the security and compliance risks associated with a missing or bad SSL certificate – an issue that falls under two OWASP risk categories – Cryptographic Storage as well as Software and Integrity Failure, #2 and #8 of the OWASP Top 10.
SSL certificates provide cryptographic functions that ensure data integrity and are required for regulatory compliance. Sites lacking valid SSL certificates may be flagged as unsafe, leading to high bounce rates. But managing certificates is a hassle, and if one goes invalid, addressing the issue takes time and effort.
Ericom ZTEdge Web Application Isolation (WAI), an innovative cloud-delivered security solution that isolates web/cloud applications and their APIs from cyber-threats, functions as a much-improved, perimeter-less “next-gen” WAF solution. WAI policy-based controls take the hassle out of managing SSL certificates, ensuring that they are always in place.
Check out the 3-minute demo right here: