Blog

Security Insights

Deep dives, expert analysis, and practical guidance on exposure management, adversarial validation, and the future of AI-driven exposure management.

Penetration Testing

Web Application Penetration Testing: Steps & Test Cases

How secure are your web applications, really? Consider the risk of a malicious actor exploiting hidden vulnerabilities before you have the chance to address them. Web Application Penetration Testing is crucial for discovering these weaknesses. By simulating real-world attacks and using well-structur

Aug 21, 202414 min

OWASP

Understanding the OWASP Top 10 Application Vulnerabilities

The OWASP Top 10 is a globally recognized guide to the most critical web application security risks. Compiled by industry experts, it highlights vulnerabilities like broken access control, cryptographic failures, and injection attacks, issues that put sensitive data and business operations at risk.

Aug 13, 202419 min

CVEVulnerability Management

Top CVEs of July 2024: Key Vulnerabilities and Mitigations

July 2024 has surfaced a series of significant vulnerabilities that could compromise the security of many organizations. From Bamboo Data Center flaws to critical issues in ServiceNow, these vulnerabilities present serious risks. This blog explores the top five CVEs of the month, providing detailed

Jul 31, 20246 min

Vulnerability Management

Vulnerability Management Lifecycle: The Ultimate Guide to Business Security

63% of organizations faced cyberattacks due to unpatched vulnerabilities, yet leading companies stay ahead with a strong Vulnerability Management Lifecycle (VML). This structured process helps identify, prioritize, and remediate risks across IT assets, reducing exposure and strengthening resilience.

Jul 16, 202427 min

Vulnerability IntelligenceVulnerability Management

Top 5 CVEs and Vulnerabilities of May 2024

May brought a fresh batch of security headaches. This month, we're focusing on critical vulnerabilities in widely used software like Apache, Gitlab, and Github. These flaws could allow attackers to steal data, hijack systems, or wreak havoc in your network. Let's break down the top 5 CVEs you need t

Jun 3, 20246 min

Compliance

Adaptive Service Level Agreements (SLA) for Vulnerability Management- A strobes Guide

Traditionally, organizations have often relied on a standardized SLA for vulnerability management, imposing identical remediation timelines across all teams and vulnerabilities. This approach suffers from several shortcomings: Overwhelm and Discouragement: Teams with limited resources struggle to me

May 13, 20247 min

Cloud Security

Open Source Security: How Strobes Integrates Security into Your Dev Workflow

Cloud-native development thrives on open source software (OSS). It offers readily available, pre-built components that accelerate development lifecycles. However, this very advantage presents a significant Open Source Security challenge for DevSecOps: OSS security vulnerabilities. A single critical

May 8, 20247 min

Vulnerability IntelligenceVulnerability Management

A Closer Look at Top 5 Vulnerabilities of April 2024

Keeping pace with the latest cybersecurity threats is vital for organizations of all sizes. Here at Strobes, our security team has assembled a list of the top 5 most critical Common Vulnerabilities and Exposures (CVEs) discovered in April 2024. By staying informed about these vulnerabilities, you ca

May 3, 20245 min

Application Security

Exploiting Limited Markup Features on Web Applications

Limited markup features. Big vulnerabilities? Web applications security might seem straightforward, but stripped-down code can create hidden weaknesses. Web applications that support limited markup in fields, such as comments, utilize a simplified version of markup languages to enable users to forma

Apr 8, 20247 min

Vulnerability IntelligenceVulnerability Management

Top 5 Vulnerabilities for March 2024: A Closer Look at the XZ Utils Supply Chain Attack

March may have roared in like a lion, but for cybersecurity professionals, it was more like a backdoor sneaking into a critical utility. This month, we've seen some serious contenders, but one in particular has sent shockwaves through the open-source software (OSS) community: CVE-2024-3094, a sneaky

Apr 2, 20245 min

Vulnerability Prioritization

Prioritizing Vulnerabilities: A Growing Imperative

Did a security breach just become your biggest nightmare? It's a harsh reality for many companies. A whopping 76% of enterprise IT security executives reported business disruptions due to vulnerabilities in just the past year. Vulnerability scanners overwhelm you with thousands of vulnerabilities, l

Mar 29, 20244 min

Vulnerability Intelligence

Atlassian Patches Critical Bamboo Bug and Over 20 Other Vulnerabilities

Atlassian recently addressed a critical security flaw (CVE-2024-1597) impacting Bamboo Data Center and Server versions. This SQL injection vulnerability, discovered by SonarSource security researcher Paul Gerste, allows attackers to potentially compromise vulnerable systems without needing user inte

Mar 22, 20242 min

Security Insights

Web Application Penetration Testing: Steps &amp; Test Cases

Understanding the OWASP Top 10 Application Vulnerabilities

Top CVEs of July 2024: Key Vulnerabilities and Mitigations

Vulnerability Management Lifecycle: The Ultimate Guide to Business Security

Top 5 CVEs and Vulnerabilities of May 2024

Adaptive Service Level Agreements (SLA) for Vulnerability Management- A strobes Guide

Open Source Security: How Strobes Integrates Security into Your Dev Workflow

A Closer Look at Top 5 Vulnerabilities of April 2024

Exploiting Limited Markup Features on Web Applications

Top 5 Vulnerabilities for March 2024: A Closer Look at the XZ Utils Supply Chain Attack

Prioritizing Vulnerabilities: A Growing Imperative

Atlassian Patches Critical Bamboo Bug and Over 20 Other Vulnerabilities

Web Application Penetration Testing: Steps & Test Cases