OWASP

SecureIQLab Releases the First-Ever "Secure-by-Design" Web Application & API Protection (WAAP) Public Test Report

Retrieved on: 
星期四, 五月 9, 2024
Deployment, Airlock, Imperva, Internet, Scalability, Attack, Fortinet, TCO, API, Amazon Web Services, Senior, Microsoft, Barracuda, Azure, Ease, OWASP, OE, Akamai Technologies, ROSI, Online shopping

AUSTIN, Texas, May 9, 2024 /PRNewswire/ -- SecureIQLab LLC, a leading provider of cloud security validation solutions, proudly announces the release of the first-ever Web Application & API Protection (WAAP) test to include the quantification of the critical secure-by-design and operational efficiency metrics.

Key Points: 
  • AUSTIN, Texas, May 9, 2024 /PRNewswire/ -- SecureIQLab LLC, a leading provider of cloud security validation solutions, proudly announces the release of the first-ever Web Application & API Protection (WAAP) test to include the quantification of the critical secure-by-design and operational efficiency metrics.
  • SecureIQLab Releases the First-Ever "Secure-by-Design" Web Application & API Protection (WAAP) Public Test Report.
  • According to Jay Pathak, SecureIQLab's Chief Scientist, "Security products have come under increasing fire by cyber-criminals and nation-states.
  • Without enforcing a secure-by-design approach, if a security product is compromised, the assurance of safeguarding everything the solution is intended to protect becomes uncertain."

HAProxy Enterprise 2.9 Sets the Security Standard for Application Delivery

Retrieved on: 
星期一, 五月 6, 2024
Denial-of-service attack, ModSecurity, RADIUS, CRS, DNS, NTP, XSS, Conference, API, Infobip, HAProxy, Data science, Automation, UDP, Organization, Privacy, RFI, WAF, Intelligence, Critical, OWASP, SQL, RSA, Fraud, Online shopping

"The next-generation HAProxy Enterprise WAF protects our public APIs and user portal and makes a valuable improvement to our overall application security posture," said Andro Galinović, Chief Information Security Officer at Infobip.

Key Points: 
  • "The next-generation HAProxy Enterprise WAF protects our public APIs and user portal and makes a valuable improvement to our overall application security posture," said Andro Galinović, Chief Information Security Officer at Infobip.
  • Flexible integration with HAProxy Enterprise's suite of other powerful security layers (including the next-generation HAProxy Enterprise WAF and Global Rate Limiting) allows customers to tailor their protection and enforcement options based on the context provided by the HAProxy Enterprise Bot Management Module and the other security signals available in HAProxy Enterprise.
  • The release of HAProxy Enterprise 2.9 reinforces HAProxy Technologies’ position as the industry leader in application delivery and security.
  • Application teams using another load balancer or application delivery controller can request a free trial that includes all features of the HAProxy Enterprise suite with no performance limitations.

Traceable AI Introduces Industry-First Generative AI API Security Capabilities

Retrieved on: 
星期二, 五月 7, 2024
Semiconductor, Security, Satellite, Photography, Nanotechnology, Audio, Video, Telecommunications, Artificial Intelligence, Software, Networks, Internet, Hardware, Electronic Design Automation, Data Management, Consumer Electronics, VoIP, Digital Cash Management, Digital Assets, Technology, Mobile, Wireless, Ecosystem, AI, LLM, API, Information, Traceability, Cataloging (library science), Synthetic media, Early access, OWASP, Education for librarianship, Generative, RSA, Organization, Medical device

RSA CONFERENCE 2024 — Traceable AI , the industry's leading API security company, today announced an Early Access Program for its new Generative AI API Security capabilities.

Key Points: 
  • RSA CONFERENCE 2024 — Traceable AI , the industry's leading API security company, today announced an Early Access Program for its new Generative AI API Security capabilities.
  • By launching Generative AI API Security capabilities in Early Access, Traceable extends its comprehensive API security platform to specifically target the security risks of integrating Generative AI into applications.
  • Key Features and Capabilities Include:
    New Generative AI API Security Dashboard: A dedicated dashboard allows organizations to gain insights into the security posture of Generative AI APIs within their applications.
  • “With the introduction of our Generative AI API Security capabilities, we are helping enterprises to embrace the potential of AI technologies while securing their API ecosystem.

Security Compass Empowers Developers with FREE Access to New LLM OWASP Top 10 Interactive Lab

Retrieved on: 
星期二, 五月 7, 2024
Education, Security, Apps, Applications, Technology, Software, Artificial Intelligence, Training, Media, Multimedia, OWASP, LLM, Developer, Organization, AI, Medical device

Security Compass , The Security by Design Company, proudly unveils its latest initiative aimed at fortifying the software development community: free access to our new LLM OWASP Top 10 interactive lab .

Key Points: 
  • Security Compass , The Security by Design Company, proudly unveils its latest initiative aimed at fortifying the software development community: free access to our new LLM OWASP Top 10 interactive lab .
  • By providing developers with practical, real-world scenarios, we empower them to grasp the intricacies of application security, ensuring solutions are secure by design."
  • The LLM OWASP Top 10 lab serves as an indispensable resource, offering comprehensive guidance on mitigating vulnerabilities introduced by generative AI, in alignment with OWASP standards.
  • Complementing our existing suite of offerings, including the AI/LLM security fundamentals course "LLM101 - Defending AI for Developers," the free LLM OWASP Top 10 lab amplifies our mission to enable organizations to release secure and compliant software with confidence and speed.

Elastic Security Labs Releases Guidance to Avoid LLM Risks and Abuses

Retrieved on: 
星期一, 五月 6, 2024
Networks, Search Engine Optimization, Internet, Search Engine Marketing, Artificial Intelligence, Data Management, Communications, Technology, Safety, LLM, Research, Intelligence, Engineering, DNA, Synthetic media, Socs, ESTC, GitHub, OWASP, Open, Risk, Organization, Risk management

Elastic (NYSE: ESTC), the leading Search AI company, announced LLM Safety Assessment: The Definitive Guide on Avoiding Risk and Abuses , the latest research issued by Elastic Security Labs .

Key Points: 
  • Elastic (NYSE: ESTC), the leading Search AI company, announced LLM Safety Assessment: The Definitive Guide on Avoiding Risk and Abuses , the latest research issued by Elastic Security Labs .
  • The LLM Safety Assessment explores large language model (LLM) safety and provides attack mitigation best practices and suggested countermeasures for LLM abuses.
  • This has expanded the attack surface and left developers and security teams without clear guidance on how to adopt emerging LLM technology safely.
  • In addition to 1000+ detection rules already published and maintained on GitHub, Elastic Security Labs added an initial set of detections just for LLM abuses.

Guardsquare Augments Free Mobile App Security Testing Product With Enterprise-Ready Version

Retrieved on: 
星期二, 五月 7, 2024
Security, Mobile, Wireless, Apps, Applications, Technology, Software, DevOps, OWASP, SAST, Enterprise, Automation, MAST, Organization, IOS, Mobile phone

Guardsquare, the mobile application security provider, today announced the company’s award-winning free mobile application security testing (MAST) product, AppSweep, is now available in an enterprise version to help organizations scale their ability to find and address security risks across multiple teams working at different stages of mobile app builds.

Key Points: 
  • Guardsquare, the mobile application security provider, today announced the company’s award-winning free mobile application security testing (MAST) product, AppSweep, is now available in an enterprise version to help organizations scale their ability to find and address security risks across multiple teams working at different stages of mobile app builds.
  • AppSweep Enterprise facilitates access across teams, compliance with IT security policies and seamlessly integrates with existing tools and systems.
  • “I am proud of the ongoing evolution of AppSweep as we continue our quest to make mobile app security testing accessible to organizations of all sizes - now in both free and paid versions,” said Roel Caers, CEO of Guardsquare.
  • “AppSweep has become our go-to mobile applications security testing tool, with its low rate of false positives and actionable advice to avoid security issues,” says a leading financial services provider.

Data Theorem Named Winner of Global InfoSec Award for Mobile Protection during RSA Conference 2024

Retrieved on: 
星期一, 五月 6, 2024
Blog, CDM, React Native, Google Play, News, Risk, Android, SDK, Conference, ISO, PCI, App Store (iOS/iPadOS), OWASP, RSAC, RSA, Organization, SAN, IOS, Collision avoidance system, Mobile phone

SAN FRANCISCO, May 6, 2024 /PRNewswire/ -- Data Theorem, Inc., a leading provider of modern application security, today announced it has won the coveted Global InfoSec Award, as announced at the RSA Conference 2024 by Cyber Defense Magazine (CDM), the industry's leading electronic information security magazine. Data Theorem's Mobile Protect won in the Best Pioneering Mobile App Security awards category.

Key Points: 
  • SAN FRANCISCO, May 6, 2024 /PRNewswire/ -- Data Theorem, Inc., a leading provider of modern application security , today announced it has won the coveted Global InfoSec Award, as announced at the RSA Conference 2024 by Cyber Defense Magazine (CDM), the industry's leading electronic information security magazine.
  • Data Theorem's Mobile Protect won in the Best Pioneering Mobile App Security awards category.
  • Data Theorem's Mobile Protect is the Active Protection capability available with Mobile Secure.
  • Mobile Protect is the #1 downloaded security SDK on the Apple App Store and Google Play Store since 2015.

Bugcrowd Introduces AI Penetration Testing to Improve Customers' Confidence in AI Adoption

Retrieved on: 
星期三, 五月 1, 2024
Safety, ROI, Internet of things, Risk, News, AI, LLM, Telstra, Growth, Intelligence, AI safety, Government, Booth, OWASP, Bias, T-Mobile, Commoditization, API, SAN, Medical device

SAN FRANCISCO, May 1, 2024 /PRNewswire/ -- Bugcrowd, the leader in crowdsourced security, today introduced the availability of its AI Pen Testing on the Bugcrowd Platform to help AI adopters detect common security flaws before threat actors take advantage. AI Pen Testing is now part of  Bugcrowd's AI Safety and Security Solutions portfolio, in addition to the recently announced AI Bias Assessment offering.

Key Points: 
  • SAN FRANCISCO, May 1, 2024 /PRNewswire/ -- Bugcrowd , the leader in crowdsourced security, today introduced the availability of its AI Pen Testing on the Bugcrowd Platform to help AI adopters detect common security flaws before threat actors take advantage.
  • AI Pen Testing is now part of  Bugcrowd's AI Safety and Security Solutions portfolio , in addition to the recently announced AI Bias Assessment offering.
  • AI also presents new categories of potential security vulnerabilities, as reflected in President Biden's Executive Order 14110 that calls for "AI red teaming" (methods unspecified) by all government agencies.
  • To learn how the Bugcrowd Platform can equip your organization to protect itself from AI risk, visit Bugcrowd.com or download The Ultimate Guide to AI Security .

AIShield Forges Strategic Partnership with F5 to Safeguard Generative AI Applications

Retrieved on: 
星期三, 五月 1, 2024
Cloud, Safety, Policy, LLM, Partnership, Software as a service, MITRE, Synthetic media, Privacy, FFIV, OWASP, ATLAS, Generative, NIST, Organization, Fraud, Medical device

BENGALURU, India, May 1, 2024 /PRNewswire-PRWeb/ -- AIShield, a leading provider of AI security solutions, has announced a strategic partnership with F5 (NASDAQ: FFIV) aimed at securing Generative AI applications. Leveraging AIShield's expertise in AI security and F5's cutting-edge Distributed Cloud Services and application security portfolio, the collaboration seeks to address the complex challenges associated with the deployment of Generative AI-based applications across various industries.

Key Points: 
  • BENGALURU, India, May 1, 2024 /PRNewswire-PRWeb/ -- AIShield, a leading provider of AI security solutions, has announced a strategic partnership with F5 (NASDAQ: FFIV) aimed at securing Generative AI applications.
  • Leveraging our expertise in AI security and mixing that with F5's experience in securing multicloud applications, we are creating an industry-first end-to-end firewall tailored for generative AI applications.
  • The Partnership between AIShield and F5:
    The partnership between AIShield and F5 is a strategic response to the evolving security landscape posed by Generative AI.
  • This partnership represents a significant step forward in addressing the security challenges associated with Generative AI, empowering organizations to deploy, operate, and scale Generative AI applications securely and responsibly.

FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support Cybersecurity Compliance

Retrieved on: 
星期四, 四月 18, 2024
FreeBSD, 4E, Organization, Repository, Executive, SSDF, OMB, Version 1, Government, ONTAP, BSA, Management, Federation, FreeBSD Foundation, GSA, NetApp, OWASP, General Services Administration, CISA, NIST, Engineering, Artifact, Medical device

The SSDF Attestation continues the FreeBSD community’s longstanding commitment to security by providing transparency and trustworthiness in its software development environment.

Key Points: 
  • The SSDF Attestation continues the FreeBSD community’s longstanding commitment to security by providing transparency and trustworthiness in its software development environment.
  • First announced by the FreeBSD Foundation in November 2023 , the FreeBSD SSDF Attestation, which conforms to the CISA SSDF Self-Attestation , includes references and sources that validate the trustworthiness of the FreeBSD development process, offering partners and potential collaborators confidence in the community’s rigorous standards.
  • "The SSDF Attestation from the FreeBSD Foundation aligns with our commitment to deliver secure and reliable networking infrastructure.
  • This attestation enhances our credibility and demonstrates our adherence to rigorous security standards.”
    To learn more about the SSDF Attestation and the advantages of partnering with the FreeBSD Foundation, interested parties are encouraged to contact [email protected].