Stopping Business Logic Attacks: Why a WAF is no Longer Enough - Karl Triebes - ASW #255
19 September 2023 - 1 hour 15 minsThe majority of attacks are now automated, with a growing number of attacks targeting business logic via APIs, which is unique to every organization. This shift makes traditional signature-based defenses insufficient to stop targeted business logic attacks on their own. In this discussion, Karl Triebes shares how flaws in business logic design can leave applications and APIs open to attack and what tools organizations need to effectively mitigate these threats.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
In the news segment, a slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2...
Series Episodes
Board Priority But Lack of Access & CISO Pressure, 360 Privacy and Pentera Interviews - Chuck Randolph, Tom Pore - BSW #413
1 hour 10 mins
17 September Finished
AI Nuns, Steganography, You're fired, VoidProxy, C++, Carplay Apriso, Josh Marpet... - SWN #512
34 mins
16 September Finished
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
1 hour 8 mins
16 September Finished
Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424
1 hour 40 mins
15 September Finished
Diella, Texas, Movie Rip Offs, WAF, AdaptixC2, Nano11, and More... - SWN #511
33 mins
12 September Finished
