-
PDF
Customer Case Study: Preventing Romance Scams at Zoosk
-
PDF
Protecting APIs from Automated Attacks
View PDF
More InfoDriven by mobile device ubiquity and the move towards modular applications, organizations are using APIs to enable application business logic, facilitate integration with other system elements, and reduce development time. Unfortunately, APIs are a double-edged sword, introducing an attack vector that is often times left unprotected. According to Gartner, by 2021, 90% of web-enabled applications will have more surface area for attack in the form of exposed APIs rather than the UI, up from 40% in 20191. There are multiple drivers behind the use of APIs as an attack vector.
-
Webinar
Bulletproof Proxies: Enabling Large Scale Attacks to Hide in Plain Sight
View Webinar
More InfoBulletproof Proxies have taken the concepts of anonymity and availability found in Bulletproof Hosting and extended them to the automated bot attack delivery infrastructure by using large networks of Residential Proxies that mask identity and location. Bulletproof Proxies allow bad actors to distribute their attacks across legitimate user locations making detection and prevention difficult.
This session will cover the following topics:
- The rise of Bulletproof Proxies – how they came to exist
- The balancing act between legitimate and malicious use
- Techniques used to mask their identity and location
- Details on large scale attacks targeting financial services and retail sector
-
Webinar
How APIs Simplify Automated Attacks: The Prying Eye Vulnerability
View Webinar
More InfoThe Prying-Eye enumeration vulnerability recently discovered in leading web conferencing applications by the CQ Prime research team highlights how APIs used in your public-facing applications provide bad actors with the same ease of use, efficiency and flexibility benefits that APIs bring to the development community. Rather than scripting a web form fill, to launch an attack, bad actors will analyze the web or mobile application to understand the business logic while discovering the APIs in use. Armed with that information, bad actors can then create a bot that will execute an automated attack directly against the APIs. In this session, Shreyans Mehta, CTO, and Co-founder of Cequence Security will share recent details of the Prying-Eye attack and the prevalence of using APIs for automated attacks. He will close with security recommendations and how Cequence Security can help.
-
PDF
CQ botDefense SaaS
-
Podcast
DevOps and Securing Applications
View Podcast
More InfoTopic:
Roundtable discussion hosted by Security Weekly on DevOps and Securing Applications featuring industry experts. Listen in on the history of security and what we can learn from the past.
Speaker: Jason Kent, Hacker in Residence at Cequence Security
-
Video
API Vulnerabilities: Protecting APIs from Automated Attacks
View Video
More InfoThere is a global API vulnerability epidemic. Shreyans Mehta, Co-Founder and CTO of Cequence Security, and Alissa Knight, Senior Analyst with Aite Group, sit down to discuss CQPrime’s latest vulnerability disclosure and how organizations can improve when it comes to addressing API security.
-
Video
Customer Interview – Protecting Zoosk from Automated Malicious Bot Attacks
View Video
More InfoAlissa Knight, Senior Analyst with Aite Group, sits down with Zoosk to discuss how they use the Cequence Application Security Platform to protect their public-facing applications from malicious bot attacks.
-
Webinar
Solving Application Security Using Cloud Native Technologies
View Webinar
More InfoApplication security, defined as preventing malicious automated attacks which appear to be legitimate, or syntactically correct and target your public-facing web, mobile, and API-based applications is an often overlooked element of your cloud-native security stack.
Shreyans Mehta, co-founder and CTO of Cequence Security, dives deep into application security and how cloud-native tools such as Envoy and Prometheus bake application security into your Kubernetes deployments.