Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
Noname Security announced its API security platform now fully supports the 2023 OWASP API Security Top 10 risk categories.
With this new integration Noname Security reinforces its position as the leader in API Security by natively supporting both the 2019 and 2023 frameworks to help customers fight against the ever-evolving threats targeting APIs.
Noname’s API Security Platform detects OWASP API Top 10 related vulnerabilities across the widest possible set of sources including log files, replays of historical traffic, configuration files, and more. This allows customers to find and remediate critical issues like excessive data exposure, broken authentication, lack of resources, and rate limiting, among others.
“APIs have many stakeholders, and frameworks like the OWASP API Security Top 10 allow diverse groups across teams to come together and speak the same language,” said Oz Golan, CEO and Co-Founder of Noname Security. “The integration of the 2023 OWASP API Security Top 10 into our platform is a strategic step in helping organizations tackle API security concerns and incorporate API security as part of their broader application security conversations.”
Issued by the Open Worldwide Application Security Project (OWASP), the OWASP API Security Top 10 list serves as a vital resource for identifying the most critical security risks threatening API environments. These vulnerabilities, if left unchecked, can expose sensitive data, compromise user privacy, and wreak havoc on the integrity of software systems.
Originally published in 2019, the OWASP API Security Top 10 was officially updated in June of 2023 with a number of changes to reflect the shifting dynamics of the API security landscape. Besides some consolidated categories, the latest release also includes three new categories including:
- Unrestricted Access to Sensitive Business Flows (API6:2023) – This category is centered on bots and is an indication of the way security vendors influenced the list and their priorities.
- Server Side Request Forgery (API7:2023) – This is new to the API Security Top 10 list and is a common vulnerability in security, whereby a client can redirect the server to somewhere not under its own purview, leading to potential external vulnerabilities.
- Unsafe Consumption of APIs (API10: 2023) – This category is focused on third party APIs and the difference in inherit trust by developers when consuming them versus custom in-house APIs.
Industry News
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
Kindo formally launched its channel partner program.
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
Fastly announced the general availability of Fastly AI Accelerator.
Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.
vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.
Check Point® Software Technologies Ltd. announced that Infinity XDR/XPR achieved a 100% detection rate in the rigorous 2024 MITRE ATT&CK® Evaluations.
CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.
Grid Dynamics announced the launch of its developer portal.
LTIMindtree announced a strategic partnership with GitHub.