When it comes to protecting your attack surface, there’s hardly anything more challenging than APIs. After all, APIs are your way of granting public access to data you’re responsible for protecting. And if you’re going to have a public-facing door to your data, you’d...
Listen to any cybersecurity tool vendor and they’ll try to convince you of two things. You need their type of product for protection and theirs is the best of breed. And most of them can be very persuasive. The result? Lots of unused (and often unneeded) security...
It’s easy to think of threat modeling as something developers do during the DevOps process to ensure a safe application. And that’s certainly true. To that end, threat modeling is something you do when developing an application. But that’s not the only time you should...
Any piece of code can have a vulnerability. Whether application code or infrastructure code, errors, oversights and misconfigurations happen. The question developers must answer is, how many negative outcomes an attacker could realize because of that vulnerability....
As 2022 comes to an end, we’ve definitely seen some major themes emerge with regard to threat modeling. In this year in review, we discuss some of the more important ones. The Ever Expanding Scope of Threat Modeling Perhaps the most recurrent theme in 2022 was the...