Software as a service (SaaS) has taken over, and the average enterprise now uses hundreds of unique SaaS applications to accelerate its digital transformation and business velocity. However, while SaaS has fulfilled its growth-enabling potential, most organizations have lost their grip on its consumption and use. IT and security teams can no longer depend on network or endpoint controls to govern application access.
NTT Application Security released its six-month trend findings in its AppSec Stats Flash Vol. 7, reporting on the current state of application security and the wider threat landscape, including Window of Exposure (WoE), Vulnerability by Class, and Time to Fix.
Lookout, Inc. announced the discovery of major crypto mining scams using hundreds of Android apps. In total, security researchers at the Lookout Threat Lab identified more than 170 apps that are estimated to have scammed more than 93,000 victims.
Now that there’s momentum to build security controls into your Software-as-a-Service (SaaS) deployment, here are some actions that organizations can take in order to kickstart a SaaS security program.
WhiteHat Security published its latest installment of the AppSec Stats Flash report and podcast, surveying the current state of application security and the wider threat landscape.
Barak Tawily, Chief Technology Officer and Co-Founder of Enso Security, argues that most AppSec teams today spend most of their time creating relationships with developers and performing operational and product-related tasks — and not on application security. Here, we talk to Tawily about AppSec and why enterprise security should be concerned with AppSec.
With the Colonial Pipeline ransomware attacks that caused widespread East Coast fuel shortages still fresh in our minds, new WhiteHat Security research has found that application-specific attacks are equally, if not more, likely than ransomware attacks.
Researchers at Check Point Research analyzing Android apps have discovered serious cloud misconfigurations leading to the potential exposure of data belonging to more than 100 million users.
In a report published recently, the firm discusses how the misuse of real-time databases, notification managers, and storage exposed over 100 million users’ personal data (email, passwords, names, etc.) and left corporate resources vulnerable to malicious actors.
An email entered into court this week in Epic Games' lawsuit against Apple shows that Apple managers uncovered that 2,500 malicious apps had been downloaded a total of 203 million times by 128 million users in 2015. Evidence shows Apple managers chose not to disclose this security incident.