Enterprise Security, Platform Security, Software Security

BreachLock Releases API Penetration Testing Service to Improve API Security Testing for Companies

Prnewswire | March 29, 2023 | Read time : 04:00 min


BreachLock officially launched its API Penetration Testing Service today, making API security testing faster, more scalable, and more affordable compared to alternative pentesting providers. The company is best known for its human-led, AI-enabled Pen Testing as a Service (PTaaS) solution delivered via its award-winning client portal. API penetration testing will help organizations prevent cybercriminals from exploiting unpatched API vulnerabilities to perpetrate cybercrimes.

BreachLock is known for its innovative pentesting approach as a leader in the emerging PTaaS market. With a global reputation for delivering enterprise-grade penetration testing services, BreachLock leverages automation to ensure affordability and speed for clients held back by alternative pentesting options. With integrated remediation, companies can decrease their window of exposure to critical API vulnerabilities fast. Clients receive evidence-backed pentest reports with guided remediation on critical vulnerabilities, along with 12 months of access to retest, generate reports, and run scans inside the client portal.

Regarding its new security testing offering, BreachLock's Founder & CEO, Seemant Sehgal, comments, "With the rise in security breaches involving insecure APIs, it's our responsibility to enable clients to prevent similar incidents." Sehgal adds, "Staying ahead of cyber adversaries is the name of the game. With today's threat landscape, agile pentesting is the key to combatting security breaches, especially when done regularly."

BreachLock's API pentesting service is conducted by 100% in-house, certified expert pentesters (e.g., CREST, OSCE, OSCP, CISSP, CEH) who leverage AI and automation to accelerate the process and deliver more accurate results that closely correlate with OWASP best practices. Its security experts apply maximum business logic to every API pentest during a manual deep dive and ensure zero false positives by validating automated findings.

About BreachLock

BreachLock® is a global leader in cybersecurity and Penetration Testing services combining the power of human hackers, artificial intelligence, and automation. Engineered for agility and scalability for digital environments of any scale, on its cloud-native platform, BreachLock delivers full-stack, Human-led, AI-enabled, Pen Testing as a Service (PTaaS), enabling organizations to accelerate pentesting by 50% and reduce TCO by 50% in comparison to alternative penetration testing companies. BreachLock helps clients accelerate their security maturity, meet compliance requirements (i.e., PCI DSS, ISO 27001, HIPAA, GDPR, SOC 2), and conduct third-party security vendor assessments.

Spotlight

In 2020, Cisco set out to move from a traditional network-based perimeter and VPN model to a zero trust framework. Dubbed ‘borderless’ internally, the core goal was to give users a secure, uniform experience accessing applications, wherever the user or application is located. Using the features of Duo Beyond, our team set out to

Related News

Cloud Security

Fortinet New SASE Offerings Improve Cloud Protection for Microbranches

Fortinet | September 05, 2023

Fortinet, the worldwide cybersecurity leader driving the integration of networking and security, has announced new enhancements to its market-leading single-vendor Secure Access Service Edge (SASE) offering. FortiSASE already shields the hybrid workforce using a unified agent and includes SD-WAN integration for the branch. This solidifies FortiSASE's position as the market's most comprehensive offering.

The list of Fortinet extended SASE solutions:

SASE for Microbranches and IoT/OT Devices: FortiSASE now offers expanded integrations within the Fortinet wireless local-area network (WLAN) suite to aid organizations in securing microbranches and associated devices. FortiAP wireless access points intelligently offload traffic from microbranches to a SASE point of presence (POP) for scalable security inspection of all devices, including IoT and OT devices. This integration also implies that the Fortinet WLAN portfolio can be managed by the same straightforward, cloud-based management console customers already use for FortiSASE.

Enhanced Data Loss Prevention Service: As a component of its cloud-delivered security services, FortiSASE includes the FortiGuard-powered Data Loss Prevention (DLP) service to safeguard sensitive data across the entire hybrid environment. This service now consists of a broader range of file types, data identifiers, and Software-as-a-Service (SaaS) applications, along with sophisticated data matching techniques to prevent accidental data breaches. By continually enhancing DLP, Fortinet provides organizations with a detailed understanding of their cloud applications and the tools needed to defend against new threats effectively.

End-to-end Digital Experience Monitoring: For comprehensive network and SaaS application monitoring, Fortinet's Digital Experience Monitoring (DEM) solution integrates with FortiSASE to offer insights across users, Fortinet global SASE POPs, and the performance of SaaS applications such as WebEx, Office365, and Dropbox. In addition, this integration enables endpoint monitoring to provide end-to-end visibility, empowering IT teams with the data they need to decrease resolution times and ensure a positive user experience.

Leveraging FortiGuard AI-Powered Security Services, Fortinet's SASE provides an extensive set of features, including unified security, streamlined management, and end-to-end Data Edge Management (DEM). This is accomplished by seamlessly integrating cloud-based security components, such as a cloud access security broker, secure web gateway, and Firewall-as-a-Service, in conjunction with networking functionalities through Software-Defined Wide Area Networking (SD-WAN). In addition, the solution incorporates Universal Zero Trust Network Access (ZTNA) capabilities to ensure resilient and secure connectivity to and from the internet, privately hosted applications, and Software as a Service (SaaS) applications.


Enterprise Security

Guardsquare Announces Strategic Partnership with Redbelt Security

Silicon Canals | July 14, 2023

Sendle, the most affordable delivery service built for small business, has beefed up its portfolio of shipping services designed to help small businesses succeed with the launch of Sendle Three-Day Guaranteed. This new, expedited shipping service offers small businesses a reliable, cheaper option to United Parcel Service (UPS) for fast, national package delivery. Proving that affordable shipping does not have to be slow, small businesses throughout the U.S. can now take advantage of Sendle’s expansive national network for even more efficient package deliveries that save them more time and money.

With Sendle Three-Day Guaranteed, all small businesses can now get their goods picked up from their doorstep and delivered in three business days or less to wherever they need to go in the U.S. – with no extra fees or contracts. There is also no minimum pick-up quantity required. If a Sendle package isn’t delivered within three business days, Sendle will refund the small business the cost of the delivery – no questions asked. The Sendle Three-Day Guaranteed service includes tracking and $150 cover, and is 100% carbon-neutral at no extra cost.

“Small businesses deserve more choice and fairer pricing when it comes to parcel delivery. That’s why Sendle is leading the charge to shake up the logistics space by delivering quick, reliable, and cheaper shipping services tailored specifically for small business. Today, we are proud to introduce a game-changing alternative to UPS that is guaranteed to get goods delivered in three days or less, at an unbeatable price,” says James Chin Moody, Sendle CEO and co-founder. “We are on a mission to liberate small businesses from the burdens of logistics, allowing them to focus on what truly matters. By unlocking precious time while saving them some money, we’re empowering small businesses to thrive. This is just the beginning – you can expect to see even greater innovations from us as we relentlessly fight for the success of small businesses.”

Complementing Sendle Saver, the company’s best value shipping option, and Sendle Preferred, which offers delivery in one to five days, the new Three-Day Guaranteed service provides the same, easy and reliable service Sendle’s small business customers have already come to love – and now at an even faster pace. Sendle handles the end-to-end journey of every parcel shipped, offering dedicated customer service by real people, as well as a powerful online dashboard where customers can track and reschedule their deliveries, and more.

“Brush Club operates in the sustainability sector and fast and reliable deliveries are integral elements of our brand promise. Customers value our commitment not just to their dental health, but also to the environment. A crucial part of that commitment is ensuring we deliver their sustainable dental kits in a timely and reliable manner,” says Santiago Martinez Oropeza, CEO and founder of Brush Club. “Sendle understands that small businesses like ours have to work fast. And now, with their Three-Day Guaranteed service, we can promise delivery times and keep them, and that builds trust with customers, sets us apart in a competitive market, and greatly enhances our customer retention.”

Small businesses can sign up for fast, more affordable shipping now

Sendle Three-Day Guaranteed starts at $4.59 and small businesses in the U.S. can immediately sign up and start using the service at sendle.com.

“Sendle’s new Three-Day Guaranteed Service will benefit us and our customers – especially with our refill option taking off,” says Yvette Nathalie Brown, celebrity tea tender and founder of Tshikovi Tea House. “Our customers can refill their orders by sending their canisters back to us, and the sooner we get them back, the sooner we can refill them. Faster and more affordable shipping means our customers won’t run out of their favorite teas and our business can continue to grow with increased customer retention.”

The new Sendle Three-Day Guaranteed service is also available as an option to shipping and e-commerce platforms through Sendle’s new Digital Partner Program (DPP) that was also announced today. More information about Sendle’s new DPP can be found online.

About Sendle

Sendle is the first carrier in the United States specifically designed to serve the needs of small ecommerce businesses. Sendle levels the playing field for small businesses by offering simple, affordable shipping across the U.S. and internationally, with no hidden fees, subscriptions, or warehousing required. Merchants simply purchase a label and schedule a pickup from Sendle, and their package can be dropped off or picked up from their front door. Sendle is also the first 100% carbon neutral shipping carrier in the U.S. and is a Certified B Corporation and Climate Neutral Certified. The company was founded in Australia in 2014 and is headquartered in Sydney, Australia; Seattle, Washington; and Toronto, Canada.


Enterprise Security, Platform Security, Software Security

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

Prnewswire | July 19, 2023

Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog.

GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organizations' software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file. Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself.

This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged.

The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe. Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed to these potential supply chain attacks.

This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain.

About Legit Security

Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.
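As an added example (not Legit Security's tooling and not part of the release), the following audit script flags workflow lines that write contributor-controlled data into GITHUB_ENV, the pattern described above. It assumes a short, non-exhaustive list of untrusted contexts and uses line-based matching rather than a YAML parser; `scan_workflow` and both sample workflows are hypothetical and constructed for illustration.

```python
import re

# Contexts an outside contributor can set (assumed, non-exhaustive list).
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.(head_ref|event\.(pull_request|issue|comment|review)\.[\w.]+)\s*\}\}"
)
ENV_ASSIGN = re.compile(r"^\s*(\w+):\s*(.+)$")            # "KEY: value" mapping line
ENV_SINK = re.compile(r">>?\s*[\"']?\$\{?GITHUB_ENV\b")   # redirect into GITHUB_ENV

def scan_workflow(text):
    """Return (line_no, reason) for each write of untrusted data to GITHUB_ENV."""
    findings, tainted = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        m = ENV_ASSIGN.match(line)
        if m and m.group(1) != "run" and UNTRUSTED_EXPR.search(m.group(2)):
            tainted.add(m.group(1))      # this variable now holds untrusted text
        if not ENV_SINK.search(line):
            continue
        if UNTRUSTED_EXPR.search(line):
            findings.append((no, "untrusted expression written to GITHUB_ENV"))
            continue
        used = sorted(v for v in tainted if re.search(r"\$\{?%s\b" % re.escape(v), line))
        if used:
            findings.append((no, "variable %s (untrusted) written to GITHUB_ENV" % used[0]))
    return findings

# Constructed, trimmed sample workflows; not taken from any real project.
RISKY = """\
on: pull_request
jobs:
  build:
    steps:
      - run: echo "BRANCH=${{ github.head_ref }}" >> $GITHUB_ENV
      - env:
          PR_BODY: ${{ github.event.pull_request.body }}
        run: echo "NOTES=$PR_BODY" >> "$GITHUB_ENV"
"""
SAFER = """\
on: pull_request
jobs:
  build:
    steps:
      - env:
          BRANCH: ${{ github.head_ref }}
        run: ./build.sh "$BRANCH"
"""

print(scan_workflow(RISKY), scan_workflow(SAFER))
```

The second sample keeps the untrusted value in a step-scoped variable and never persists it to GITHUB_ENV, so the scanner reports nothing for it.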
