Blog

Top 7 SOAP API vulnerabilities

Learn what the purpose of SOAP APIs is, how they function, the main difference between REST and SOAP APIs, and what you can do to prevent the 7 most common SOAP API vulnerabilities. What are SOAP APIs? Why are APIs important? They serve as a bridge between web services and applications that allow them to […]

2/19/20, 11:18 AM

The most common LDAP Injections and...

In the first part of the LDAP Injections blog, we talked about the basics: the definition of LDAP services, how they get exploited, and which environments are the most vulnerable to LDAP Injection attacks. In this post we will go over the most common LDAP Injections and show examples so you can learn how hackers […]

2/18/20, 2:00 PM

Best ways to test Microservices Security

Hello and welcome to another edition of the NeuraLegion blog! Today’s topic is the testing of microservices security. Inherently, the use of microservices results in many new, open and vulnerable connections. Microservices expose endpoints which are usually referred to as APIs to the public. As such, you may ask yourself, with so many potential vulnerabilities, […]

2/13/20, 11:01 AM

The ever-present threat of Magecart attacks

Do you know what “skimming” is? It’s a method that hackers use to gather sensitive information from online payment forms. Credit card numbers, email addresses, and user passwords are stolen. Magecart is a form of data skimming. The targets of these attacks are online shopping cart systems, the most common one being Magento. Attackers get […]

2/12/20, 5:52 PM

Introduction to LDAP Injection

What is LDAP? Information technologies keep progressing at incredible speed. This entails an increase in the amount of sensitive data that is stored in organizational databases. How does one protect this data? With internal firewalls, intrusion detection mechanisms, and so on. An application acts like a gate through which you must pass to get the […]

2/11/20, 1:33 PM

Vulnerabilities, Cyber Threats, Threat Actors and...

There is a never-ending discussion about the terminology around Threat Modeling. In order to have control over data security issues that could potentially impact your business, it is crucial to understand the relationship between four key components: vulnerabilities, cyber threats, threat actors and risks. This post explains the key differences between vulnerabilities; cyber threats; threat […]

1/24/20, 11:49 AM

Why are SAST solutions not the...

The Basics of Static Analysis Security Testing (SAST) First, let’s cover some basics: what exactly is SAST? It’s a set of technologies that analyze the application’s source code, byte code, and binaries line by line. We call it white-box testing because the analyzed code is transparent and available. SAST offers: – Pinpoint accuracy when it […]

1/22/20, 11:54 AM

Operating System Command Injection vulnerabilities and...

What are Operating System Command Injections? Welcome to another edition of the NeuraLegion blog! Today we’ll discuss Operating System Command Injection vulnerabilities. How much of a threat are they? How can you prevent these vulnerabilities? How does NexDAST help remedy them? We’ll answer all these questions in detail below! Don’t confuse command injection with code […]

1/20/20, 11:59 AM

Cross-site Scripting (XSS) - Everything you...

What is Cross-Site Scripting (XSS)? Cross-site Scripting (XSS) represents a client-side code injection attack. By performing an XSS attack, the attacker aims to execute malicious scripts in the victim’s web browser. The actual attack occurs when the page or web application runs the malicious code. Vulnerable web pages or applications deliver malicious scripts to users’ […]

1/17/20, 7:33 PM

The rising importance of API Security

Why is API Security important? Today we’ll be discussing the ever-rising importance of API security, but first, let’s start with the basics. What is an API? API is an acronym for application programming interface. It’s used to simplify software implementation and maintenance and to extend applications so they are more flexible and accessible. It’s also […]

1/16/20, 2:33 PM

Local File Inclusion (LFI) - What...

What is Local File Inclusion (LFI)? Hello everybody and welcome to another NeuraLegion blog post! Today we will be discussing Local File Inclusions, LFI for short. First things first, what are file inclusions? File inclusions are a key to any server-side scripting language. Web applications’ code is maintained by file inclusions. What does a hacker […]

1/15/20, 5:43 PM

Discovering and remediating Open Redirect Vulnerabilities

What is an Open Redirect Vulnerability? An Open Redirect Vulnerability entails an attacker manipulating the user and redirecting them from one site to another (one with untrusted sources or even one made with malicious purposes in mind). The cybersecurity community doesn’t put enough emphasis on Open Redirect Vulnerabilities because it is most commonly connected to […]

1/14/20, 2:57 PM

NeuraLegion & Bind announce strategic partnership...

The partnership will focus on Bind distributing NeuraLegion’s solutions and offering services associated with these solutions. Tel Aviv, Israel: NeuraLegion today announced a new partnership with Bind. This partnership will enable Bind to distribute NeuraLegion’s DAST and Fuzzer solutions and offer additional services associated with these solutions. We are very excited to partner with Bind […]

1/14/20, 10:38 AM

The importance of Dynamic Application Security...

What is DAST and why is it necessary for your business? What is the best way to see if your security measures are good? Put yourself in the shoes of a hacker and try breaching the defenses of your app, APIs or WebSockets. Dynamic Application Security Testing (DAST) is just that, a black-box security testing […]

1/9/20, 3:52 PM

Software vulnerability risks in the DevOps...

Accelerated software development means less time spent on security Time to market is everything. In today’s industry, many companies bring products to market at a break-neck pace. What does this mean for software developers? They constantly need to release new builds. This significantly limits the amount of time they spend on testing for security vulnerabilities. […]

1/7/20, 11:12 AM

Data Breaches Due to Exposed Databases

As we wrap up our posts for 2019 we thought we would recap the “joy” of some significant breaches that happened over the past few years. May 2020 see us all secure, with no vulnerabilities exposed. A massive breach of sensitive personal information in Ecuador is a recent case where there was no hacking […]

12/30/19, 11:04 AM

Shifting Left - The importance of...

Developers and students have to be told to pay attention to security Recent studies show that developers do not actively pay attention to the security of their code unless directed otherwise. Still, application security is fundamental from the early stages of app development. All team members, including developers and QA people, involved in the product […]

12/27/19, 2:27 PM

What is an XML External Entity...

XML external entity injection, also known as XXE attacks, is one of the most common security vulnerabilities in web applications, APIs, and microservices. It allows hackers to interfere with an application’s processing of XML data. Although XXE is not as popular as XSS attacks or SQL Injection, it is one of the OWASP Top […]

12/16/19, 12:40 PM

What we learned from a very...

We exhibited at Black Hat Europe, one of the Industry’s flagship events, drawing more than 3,000 Cyber Security professionals last week. This conference marked the first in a list of conferences we will be presenting in over the next few months to help share the joy that is NeuraLegion and how we help organizations seamlessly […]

12/13/19, 12:22 PM

The Basics and Prevention of Blind...

Blind SQL injections occur when a web application is exposed to SQL injection, but its HTTP responses don’t contain the results of the SQL query or any details of database errors. In the case of a typical SQL Injection, the database error or the output of the injected malicious SQL query is directly shown in […]

12/11/19, 1:52 PM

What is a Cross-Site Request Forgery...

Cross-site Request Forgery (CSRF/XSRF), also known as Sea Surf or Session Riding is a web security vulnerability that tricks a web browser into executing an unwanted action. Accordingly, the attacker abuses the trust that a web application has for the victim’s browser. It allows an attacker to partly bypass the same-origin policy, which is meant […]

12/9/19, 11:39 AM

NeuraLegion at East Coast CyberSecurity Delegation

Last week NeuraLegion was honored to be one of a select group of Cybersecurity companies invited to participate in a road show organized by the Israeli Export Institute and the Israeli economic mission to North America. The delegation was focused on introducing new and innovative technologies & companies in the Cybersecurity space to both corporations […]

12/2/19, 6:42 PM

CircleCI and NeuraLegion team up to...

Implementing a DevSecOps process was never easier! CircleCI, a leader in cloud-native Continuous Integration according to Forrester, and NeuraLegion, the maker of the world’s first AI-powered Application Security Testing Tool (AIAST®), partner to make the process of delivering secure applications faster and easier than ever. What does that mean for you? Continuous integration […]

11/20/19, 11:50 AM

NeuraLegion Welcomes new VP of R&D,...

NeuraLegion is proud to announce and welcome the Company’s new VP of R&D, Sijawusz Pur Rahnama. Sija has a wealth of experience gained from years of hands-on work as a startup founder, CTO and in various engineering roles. His diligence, fueled by a product-oriented approach and a keen eye for detail, has turned him into a pillar […]

11/14/19, 2:31 PM

Resurgence of DAST for SDLC Integration...

Dynamic application security testing (DAST) is one of the oldest automated application security testing techniques; it has been around since the mid-1990s. DAST solutions interact with live web applications and web services, acting like a hacker-in-a-box. It has always been popular with penetration testers and security auditors looking to save valuable time. DAST is […]

11/11/19, 11:10 AM

Discover and Remediate OWASP Top 10...

The information age has advanced the way in which our society generates, stores and exchanges information. Hyperconnectivity, availability and business networking are great benefits of this era. However, we are facing significant new challenges in the realm of cybersecurity and information security, dictating the need for new solutions and a fresh approach to keep up […]

11/8/19, 11:32 AM

Introduction to Mobile Application Security Testing

If you’re unsure whether or not your mobile app is secure and safe to use, it may be time to consider a security assessment. The average U.S. consumer spends about 3 hours a day on digital media, using mobile apps and browsing the web via smartphone. Since mobile apps collect user data ranging from personally identifiable information […]

11/5/19, 2:25 PM

What are SQL Injections and How...

SQL injections represent a code injection technique used to attack applications and the data they hold. They usually occur when user input is required, for example, username, but the user gives an SQL statement instead. SQL injections exploit vulnerabilities in the application layer. One example is when a user’s input is either incorrectly filtered, or […]

11/1/19, 12:54 PM

Integrating NexPloit scanning into Azure DevOps

Why should security testing be implemented in the DevOps process? DevOps focuses on speedy completion of the development process for faster delivery of products and services at a higher quality. Not considering security in the development process can leave your application vulnerable to attacks. This is no different than releasing buggy software. For example, stored […]

10/30/19, 11:44 AM

Cybersecurity In the Era of Industry...

In the era referred to as ‘Industry 4.0’ or ‘The Fourth Industrial Revolution,’ two of the pillars of the technology field, automation and data transfer, are closely coupled with concerns regarding cybersecurity. As organizations own or use more and more information and assets, which become additional nodes in the network, the attack surface area increases […]

10/28/19, 11:48 AM

DOM XSS: What Is DOM-based Cross-Site...

DOM XSS stands for Document Object Model-based Cross-site Scripting. This kind of XSS attack occurs when an application’s client-side JavaScript processes data from an unsafe or untrusted source by writing that data to a potentially dangerous sink within the DOM, rather than the data being written into the HTML served by the application, which would present a regular XSS. […]

10/23/19, 10:19 AM

The Top 5 Challenges of Microservices...

Over the past few years, the development and deployment of microservices have become the leading method of application development. Unfortunately, security testing has not evolved quickly enough to address the risks introduced by this mass adoption of microservices. The common practice is to test for vulnerabilities in each microservice; the reason is that every instance […]

10/16/19, 9:44 AM

The History and Future of Artificial...

In today’s world, due to the ever-growing and accelerating amount of data that needs to be tested and its complexity, it’s impossible to keep up using simple automation, which relies on manually coded, heuristic-based solutions. AI is emerging as an important new step in the evolution of automation, being able to take on challenges […]

10/14/19, 2:40 PM

The Cost of a Data Breach...

The Average Cost of a Data Breach For the 14th year, IBM and the Ponemon Institute have released their annual “Cost of a Data Breach” report, aggregating the costs reported by 507 organizations, from 17 industries, and 16 regions. IBM and Ponemon interviewed 3,211 individuals and collected data points regarding the number of client records […]

10/9/19, 10:50 AM

What We Learned At CyberTech Europe

A synopsis of our experience whilst exhibiting at the Innovation Zone at Cybertech Europe 2019 by our SVP Sales & Partnerships, Oliver Moradov. CyberTech has historically been a great event for us, winning the CyberTech TLV 2019 competition as the most innovative and disruptive solution in Cyber – and the event in Rome was as […]

10/4/19, 10:26 AM

Recap - NeuraLegion's CTO speaking at...

It was great to be invited to be part of the inaugural Yalla DevOps event in association with JFrog, last week in Herzliya, Israel. The event was attended by business leaders and DevOps gurus from industry-leading companies such as Microsoft, IBM, HP, Snyk and SAP, sharing their best practices for software delivery success. Although […]

10/2/19, 7:58 AM

Security Awareness Training - How to...

As the cost of insecure applications grows more and more evident by the day, are we doing everything we can and should, to mitigate the risk? Implementing an information security awareness policy will enable you to impose security responsibilities as part of your corporation’s security protocols and practices. What is Security Awareness? Workplace Security Awareness […]

9/19/19, 9:25 AM

10 Most Important Things a CTO...

This article takes a look at the top 10 things a CTO needs to know about application security in order to motivate and grow the maturity of the development environment towards a strong application security posture. Business models are evolving to tackle the ever-growing challenges of cybersecurity risk and the numerous threats and attack vectors […]

9/11/19, 10:04 AM

Introducing our NEW Website and NEW...

Our NEW Website; our NEW AIAST Product range: your automated AppSec testing platform has got even better! With a fresh new user experience, our new website reflects our expanding role as the most innovative and disruptive Application Security Testing platform on the market, powered by AI! With advanced features like streamlined navigation and intuitive […]

9/3/19, 9:38 AM

DevSecOps - Make smarter decisions about...

Writing secure code is becoming a greater challenge every day. Even the largest multinational companies, which attract the best developers from all around the world, face the same problem. They suffer from vulnerabilities in their code, from SQL Injection and Cross-Site Scripting to backdoors. Security is a broad field and one that is difficult to keep […]

8/30/19, 10:55 AM

Meet Us at Cybertech Europe 2019!

Cybertech is the most important conference and exhibition for cyber technologies outside of the United States, conducting industry-related events all around the globe. We will be exhibiting at CyberTech Europe 2019 from 24-25 September in Rome, Italy. We look forward to meeting with our current Italian partners and clients and engaging with new ones, strengthening […]

8/29/19, 8:38 AM

NeuraLegion’s CTO speaking at Yalla DevOps

We are happy to announce that our Co-Founder and CTO, Bar Hofesh, will be presenting as part of the DevSecOps technical track at the Yalla DevOps event, in association with JFrog, on the 24th September 2019 in Herzliya, Israel. This is the first event of its kind and we look forward to being a part of […]

8/20/19, 1:03 PM

What Is a Fuzzer and What...

Fuzzing is the art of automatic bug detection, used for assessing the security and stability of applications and software. A fuzzer sends invalid, unexpected, or random data to the targeted application’s input points in order to stress the application and cause unexpected behavior, resource leaks, or even a crash. Why Should You Fuzz Your Applications? The […]

7/19/19, 10:17 AM