David Lindner, Director, Application Security

AppSec Observer

Insight #1 According to Google, zero days being exploited in the wild jumped 50% last year. I just don't understand your thought process if you are not looking at control layers like Runtime Security to help detect and prevent these unknown vulnerabilities ... Read More

Insight #1 Things are well and good in the hacker community, as they are now attacking critical water systems. But honestly, one of the attacks was due to a default admin password on some operations gear. How can we do better? These problems should have been solved by now ... Read More

Insight #1 If you want insight into how difficult security is, look at the Cybersecurity and Infrastructure Security Agency (CISA). The agency was recently breached through a Common Vulnerability and Exposure (CVE) it had placed on its Known Exploited Vulnerabilities (KEV) list. It's difficult out there, folks; keep fighting the ... Read More

Insight #1 If you’re not performing routine tabletop exercises to ensure that your organization is protected from cybersecurity vulnerabilities, you should be. It's one thing to have detailed processes for executing during an incident, but if you never test those processes, how do you know they work? ... Read More

Insight #1 As was made clear by the recent blowup over Google’s Gemini image creation tool last week (it generated “embarrassing and offensive results,” as one publication put it), AI is proving more and more to be unpredictable and biased. How does the industry solve these issues? Do we need ... Read More

Insight #1 The post quantum encryption era is upon us, and Apple is leading the charge to protect against future quantum computing attacks by boosting security on its iMessage platform, adding a new form of message encryption on top of its existing encryption tools ... Read More

Insight #1 How are you protecting your web and application programming interface (API) applications from attack? In 2023, Contrast Protect blocked 12 million legitimate attacks (including zero days such as the recent Confluence remote-code execution [RCE] vulnerability) out of 4 billion detected attack events. What's stopping you from increasing your ... Read More

Insight #1 From toasters to toothbrushes, the Internet of Things (IoT) continues to wreak havoc on the internet. As consumers, it's important to balance necessity with risk, just like with everything else.  Reality is the average home has anywhere from 20-30 connected devices and we must rely on the security ... Read More

Insight #1 Ransomware payments dropped to 29% in the last quarter of 2023. Will ransomware be a thing if victims stop paying completely? It seems we are getting closer to that reality due to better preparedness and some locations making it illegal to pay ... Read More

Insight #1 Spray and pray: That’s the modus operandi behind the latest successful attack against Microsoft, which resulted in compromise of the company’s email systems. The attackers reportedly got in through an old testing environment, which seemingly had no multi-factor authentication (MFA) stopping them.  Lesson learned: Just because it’s not ... Read More