Blog

Security Insights

Deep dives, expert analysis, and practical guidance on exposure management, adversarial validation, and the future of AI-driven exposure management.

CVEVulnerability Intelligence

Top 5 CVEs & Vulnerabilities of November 2024

November has surfaced several high-impact vulnerabilities, earning their spot among the Top CVEs of November 2024. These issues, ranging from remote code execution flaws to authentication gaps, are raising red flags across the cybersecurity landscape. Left unaddressed, they could lead to unauthorize

Dec 3, 202410 min

Compliance

Setting the Record Straight: Strobes’ Response to the GigaOm Radar for Penetration Testing

At Strobes, our mission has always been to empower organizations with cutting-edge solutions for Penetration Testing as a Service (PTaaS). While we greatly value third-party evaluations, accuracy is critical to maintaining industry standards and credibility. The recent GigaOm Radar for Penetration T

Nov 27, 202410 min

Application SecurityOWASP

API Penetration Testing Methodology and the OWASP API Top 10

A repeatable API pentest methodology on the OWASP API Top 10 (2023): five phases, a test per risk, a real BFLA-to-BOLA chain, a findings table, and config-level fixes.

Nov 26, 20247 min

Cloud pentesting

Cloud Pentesting: How to Identify & Fix Security Gaps in Your Cloud Infrastructure

Hold on, let’s guess. You’ve moved a ton of your business to the cloud – storage, applications, the whole nine yards. Cloud computing offers flexibility, scalability, and a bunch of other benefits. But here’s the not-so-rosy side: 80% of companies have reported a spike in cloud attacks.That’s right,

Nov 18, 202418 min

Application SecurityPenetration Testing

API Penetration Testing Checklist

A phase-by-phase API penetration testing checklist with the real requests, the Schemathesis and Autorize runs, a findings table, and the config fixes, all mapped to the OWASP API Top 10.

Nov 11, 20246 min

Compliance

NYDFS Cybersecurity Regulations Now in Effect: What You Need to Know?

As of November 1, 2024, the new amendments to the (New York State Department of Financial Services) NYDFS cybersecurity regulations have officially come into play. These regulations are significant for financial institutions, insurance companies, and other businesses under NYDFS supervision, as they

Nov 7, 20248 min

Penetration Testing

Integrating PTaaS with CI/CD Pipelines: A Guide to CI CD Security Testing

CI/CD pipelines power rapid software delivery but without security, they open the door to serious risks. Traditional pentesting can’t keep up with fast release cycles, leaving gaps in protection. That’s where Penetration Testing as a Service (PTaaS) comes in. By integrating PTaaS into CI/CD workflow

Nov 6, 202412 min

PTaaS

How PTaaS Supports Shift-Left Security Practices?

Security testing is traditionally squeezed in late, sometimes even right before release, making vulnerabilities harder and costlier to resolve. This is where the concept of Shift Left Security changes the game, moving security practices to earlier phases and catching issues when they’re far easier t

Nov 5, 202417 min

Data Breaches

Major Data Breaches of October 2024

October saw several high-profile data breaches, underscoring the ongoing urgency of strong cybersecurity measures. From tech giants to healthcare providers, multiple sectors experienced critical security incidents that exposed sensitive data. In this blog, we explore the biggest data breaches of Oct

Nov 4, 20244 min

CVEVulnerability Intelligence

Top CVEs & Vulnerabilities of October 2024

October has brought some serious vulnerabilities to the forefront, capturing the attention of cybersecurity teams across industries. If you’re managing IT security or staying alert to cyber threats, knowing which vulnerabilities need immediate attention is essential. From remote code execution flaws

Nov 1, 20248 min

Application SecurityPenetration Testing

What Is API Penetration Testing?

API penetration testing attacks your endpoints the way an attacker does: forging IDs, swapping tokens, smuggling fields. Here is what it covers, what it finds, and why scanners can't.

Oct 27, 20247 min

engineering

Cut RDS Costs by 50% with Aurora Serverless V2 Idle Connection Fix

In a recent migration from a standard RDS DB instance to Aurora RDS PostgreSQL Serverless V2, we encountered an unexpected issue a significant and unexplained increase in Aurora Serverless V2 connections. This anomaly led to spikes in resource utilization, specifically memory, and caused a noticeabl

Oct 25, 20244 min