
SUNSPOT: An injective attempt to execute a manual supply chain attack

Threat actors leveraged SUNSPOT to automatically inject the SUNBURST backdoor into the Orion app build process after executing the manual supply chain attack.

6 min read

Related Articles


API Security

Application Security


Explore the common web application security misconfigurations and their risks & ...

Web applications are evolving, but they remain prone to misconfigurations that leave them open to attack. Ranked fifth on OWASP's Top 10 list, security misconfiguration is a pervasive threat. Why do misconfigurations arise? A seemingly negligible change to application settings, a developer overlooking security guidelines, or sensitive information inadvertently exposed to the public can each be enough. Attackers, ever resourceful, capitalize on these missteps and use them as a gateway into otherwise well-secured applications. In this blog, we navigate the nuances of web application security misconfigurations, from defaults to deprecated protocols, highlighting the associated risks and providing effective remediation strategies. From DNS to CORS and S3 bucket misconfigurations, it is not just about identifying vulnerabilities; it is about fortifying every layer of the web application stack against potential breaches.

1. **DNS Misconfigurations**
   - *Risk Factors:*
     - Lack of DNSSEC exposes the application to DNS cache poisoning and man-in-the-middle attacks.
     - Misconfigured DNS records can lead to misrouting, subdomain takeovers, or unauthorized access.
   - *Remediation:*
     - Implement DNSSEC to protect the integrity of DNS records.
     - Regularly audit and verify DNS records to maintain accuracy and integrity.
     - Follow best practices when setting up DNS records to prevent misrouting and unauthorized access.
2. **CORS (Cross-Origin Resource Sharing) Misconfigurations**
   - *Risk Factors:*
     - Wide-open CORS policies can result in data leakage and unauthorized API calls.
     - Insufficient CORS validation allows attackers to bypass access controls and make unauthorized requests.
   - *Remediation:*
     - Implement a strict CORS policy that specifies the allowed origins, methods, and headers.
     - Enforce CORS validation on the server side so that only authorized requests are processed.
     - Regularly review and update CORS policies as application requirements change.
3. **S3 Bucket Misconfigurations**
   - *Risk Factors:*
     - Publicly accessible S3 buckets expose sensitive data to anyone.
     - Missing access controls allow unauthorized users to read sensitive data stored in S3 buckets.
   - *Remediation:*
     - Regularly review and restrict S3 bucket permissions to prevent public access.
     - Use S3 bucket policies and IAM roles to enforce strict access controls.
     - Implement logging and monitoring for S3 buckets to detect and respond to unauthorized access attempts.

### How Threatspy Can Help

Threatspy is a homegrown, AI-powered AppSec management SaaS platform built for developers and AppSec teams, and it plays a pivotal role in identifying and mitigating web application misconfigurations. Here is how Threatspy can assist:

1. **Automated Scanning** - Threatspy scans web applications and APIs, including DNS configurations, CORS policies, and S3 buckets, identifying potential misconfigurations and vulnerabilities.
2. **Comprehensive Reports** - Threatspy provides comprehensive reports that list the discovered misconfigurations together with recommended remediation steps, enabling security teams to prioritize and address issues effectively.
3. **Continuous Monitoring** - Threatspy offers continuous monitoring to promptly detect and mitigate misconfigurations, helping organizations maintain a proactive security stance.

### Conclusion

Addressing web application misconfigurations is crucial for maintaining a secure online presence. By fixing DNS, CORS, and S3 bucket misconfigurations, organizations can significantly reduce the risk of data breaches and unauthorized access. Threatspy serves as a valuable platform, providing automated scanning, detailed reports, and continuous monitoring to help organizations identify and remediate these misconfigurations effectively. To learn more about the other capabilities of Threatspy, you can request a Demo.
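To make the CORS remediation above concrete, here is an added example (not code from the article or from Threatspy) that puts the wide-open, reflect-any-origin policy next to a strict allowlist check; the allowlist and the sample origins are constructed.

```python
"""CORS policy check: wide-open reflection vs. a strict origin allowlist.

Added example, not code from the article or from Threatspy. It models the
server-side decision that produces the Access-Control-Allow-* headers for a
cross-origin request; the allowlist and sample origins are constructed.
"""
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed allowlist: full scheme://host[:port] strings, lower-case.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
ALLOWED_METHODS = "GET, POST"
ALLOWED_HEADERS = "Authorization, Content-Type"


def cors_headers_weak(request_origin: str) -> Dict[str, str]:
    """Wide-open policy: reflects whatever Origin the browser sent and allows
    credentials, so any site can make authenticated requests and read the
    responses. This is the data-leakage risk the article describes."""
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": "*",
        "Access-Control-Allow-Headers": "*",
    }


def cors_headers_strict(request_origin: Optional[str]) -> Dict[str, str]:
    """Strict policy: exact match against the allowlist, fixed methods and
    headers. Returns no CORS headers at all for an origin not on the list,
    so the browser blocks the cross-origin read."""
    if not request_origin:
        return {}
    parts = urlsplit(request_origin)
    # Compare the whole scheme://host string. A substring or endswith test
    # would also accept look-alike hosts such as app.example.com.other.test.
    normalised = f"{parts.scheme}://{parts.netloc}".lower()
    if parts.scheme != "https" or normalised not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": normalised,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": ALLOWED_METHODS,
        "Access-Control-Allow-Headers": ALLOWED_HEADERS,
        # Vary prevents a shared cache from serving one origin's
        # Access-Control-Allow-Origin header to a different origin.
        "Vary": "Origin",
    }
```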

05-Jan-2024, 3 min read



Unlock proactive ability to assess any vulnerabilities with the combination of n...

As dependence on applications and APIs continues to grow, the vulnerabilities concealed within them are frequently exploited before organizations in today's threat landscape can even identify them, and managing the underlying security risk of applications and APIs has always been a challenge. A standardized approach to assessing and prioritizing vulnerabilities, exemplified by the Common Vulnerability Scoring System (CVSS), has consistently served as the default framework for gauging the severity of software vulnerabilities, including those affecting applications and APIs, and is critical for navigating the sophisticated exploits orchestrated by new-age adversaries. The release of the highly anticipated CVSS v4.0 in November 2023 propels the Common Vulnerability Scoring System standard to the next generation. This release offers a whole host of capabilities for evaluating the impact of vulnerabilities and their likelihood of exploitation, making it invaluable for organizations prioritizing their remedial actions. In this blog, we discuss CVSS v4.0 in depth: how it differs from previous versions, what it means for organizations, and how it strengthens Threatspy's ability to prioritize and mitigate vulnerabilities proactively.

### **All about CVSS v4.0**

FIRST (Forum of Incident Response and Security Teams) has officially introduced the long-awaited CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard. CVSS v4.0 is a framework for assessing the severity of vulnerabilities. The announcement comes more than eight years after the release of CVSS v3.0 in June 2015, marking a substantial milestone for the cybersecurity industry. It provides a standard set of metrics for measuring the impact of a vulnerability on an organization's information assets.

The metrics are organized into four groups: Base, Threat, Environmental, and Supplemental.

- **Base Metrics:** The Base Metrics are the core metrics for evaluating the intrinsic severity of a vulnerability. They comprise exploitability metrics (Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, and User Interaction), vulnerable system impact metrics (Confidentiality, Integrity, and Availability), and subsequent system impact metrics (again Confidentiality, Integrity, and Availability).
- **Threat Metrics:** The Threat Metrics gauge the probability that a vulnerability is exploited, taking into account how common and how threatening it is. Specifically, they measure the current state of exploit techniques or exploit code availability for a vulnerability through a single variable, Exploit Maturity, which quantifies how likely the vulnerability is to be targeted in an attack.
- **Environmental Metrics:** The Environmental Metrics assess a vulnerability's impact on a particular organization's environment, covering factors such as confidentiality, integrity, and availability impact. They act as modifiers to the Base metric group, designed to reflect aspects of an enterprise that can either elevate or mitigate the net severity of a vulnerability. Within the Environmental Metrics you will find Exploitability Metrics along with Vulnerable and Subsequent System Impact Metrics.
- **Supplemental Metrics:** The Supplemental Metrics offer additional context about a vulnerability, covering confidentiality, integrity, and availability requirements. These metrics are entirely optional and allow assessments to be customized to an organization's specific needs. As a new layer, the Supplemental Metrics capture extrinsic attributes not covered by the other metric groups, and their optional nature gives the flexibility to build a more comprehensive understanding of a vulnerability.

***Common Vulnerability Scoring System V4.0 Now LIVE!!!***

### **How is CVSS v4.0 different from previous versions?**

There are several key differences between CVSS v4.0 and previous versions. Some of the most notable are:

- **Refined Metrics:** CVSS v4 streamlines assessment by reducing the number of metrics while introducing new ones, such as Attack Requirements (AT), for more detailed insight into exploitability.
- **Enhanced Scope and Impact:** CVSS v4 expands vulnerability assessment to consider factors such as the affected components and the impact on confidentiality, integrity, and availability, providing a more holistic risk perspective.
- **Improved Alignment with Real-World Threats:** CVSS v4 incorporates a new Threat Metric Group that considers threat agent characteristics, aligning scores with real-world exploitation likelihood.
- **Optional Supplemental Metrics:** With an optional Supplemental Metric Group, CVSS v4 provides additional context about vulnerabilities, allowing assessments tailored to confidentiality, integrity, and availability requirements.
- **Improved Clarity and Usability:** CVSS v4 simplifies scoring and calculation, making it easier for organizations to understand and apply scores. More precise definitions and examples for each metric improve usability.
- **Enhanced Extensibility:** Designed to be more extensible, CVSS v4 allows new metrics and groups to be added to address evolving security threats and technologies.

The latest revision aims to address earlier shortcomings by introducing new metrics for vulnerability assessment, including:

- Safety (S)
- Automatable (A)
- Recovery (R)
- Value Density (V)
- Vulnerability Response Effort (RE)
- Provider Urgency (U)

These supplemental metrics enrich vulnerability assessments, offering a more comprehensive analysis of potential risks and threats.

Additionally, CVSS v4.0 introduces new nomenclature for enumerating scores:

- Base (CVSS-B)
- Base + Threat (CVSS-BT)
- Base + Environmental (CVSS-BE)
- Base + Threat + Environmental (CVSS-BTE)

***Difference between CVSS V3.0 & V4.0***

| Feature | CVSS v3 | CVSS v4 |
| --- | --- | --- |
| Number of metrics | 25 | 18 |
| Scope | Limited to confidentiality, integrity, and availability | Expanded to consider affected components and impact on confidentiality, integrity, and availability |
| Threat assessment | Not explicitly considered | Incorporated into a new Threat Metric Group |
| Supplemental metrics | Not available | Optional Supplemental Metric Group provides additional context |
| Scoring and calculation | Complex and error-prone | Simplified and more user-friendly |
| Extensibility | Limited | Designed to be more extensible for future additions |

### **What does CVSS v4.0 mean for organizations?**

CVSS v4.0 is a valuable tool for organizations of all sizes. It can help organizations to:

- **Prioritize vulnerability remediation efforts:** CVSS scores can be used to prioritize remedial actions so that organizations focus first on the vulnerabilities that pose critical risk.
- **Communicate risk to stakeholders:** CVSS scores can be used to communicate the risk posed by vulnerabilities to stakeholders such as management and customers.
- **Track progress over time:** CVSS scores can be used to track progress over time in reducing the risk posed by vulnerabilities.

### **Empowering Application and API Security with CVSS v4.0 and Threatspy: A Match Made in Vulnerability Management Heaven**

In the ever-evolving landscape of application and API security, staying ahead of the threat curve is no longer optional if you want to protect your organization's digital assets. With the introduction of CVSS v4.0, the Common Vulnerability Scoring System, coupled with Threatspy, a leading vulnerability management platform, presents a powerful synergy for organizations to assess and prioritize vulnerabilities effectively.

***Threatspy Vulnerability Management Process***

### **Threatspy: A Strategic Vulnerability Management Platform**

Threatspy leverages CVSS v4.0 data to help organizations mitigate vulnerabilities concealed in applications and APIs. By integrating CVSS v4.0 scores seamlessly into its prioritization framework, Threatspy delivers actionable insights that enable organizations to:

1. **Identify and Prioritize Vulnerabilities:** Threatspy translates CVSS v4.0 scores into actionable prioritization levels, allowing organizations to quickly identify the highest-risk vulnerabilities and focus their remediation actions on them. This prioritization ensures that resources are allocated effectively and the most critical issues are addressed first.
2. **Make Informed Remediation Decisions:** CVSS v4.0 scores provide a comprehensive assessment of vulnerability severity, taking into account factors such as exploitability, impact, and attack potential. Threatspy uses this information to guide remediation decisions, ensuring that organizations take the most appropriate and effective measures for each vulnerability.
3. **Streamline Vulnerability Management Processes:** Threatspy's integration with CVSS v4.0 streamlines vulnerability management, making it easier for organizations to track, monitor, and manage vulnerabilities throughout their lifecycle. This automation and simplification lead to more efficient and effective vulnerability management practices.
4. **Enhance Risk Communication:** CVSS v4.0 scores are widely recognized and understood by security professionals and stakeholders. Threatspy's use of CVSS v4.0 scores facilitates clear and concise communication of vulnerability risk, enabling organizations to convey the potential impact of vulnerabilities to their teams, partners, and customers.
5. **Stay Ahead of Evolving Threats:** CVSS v4.0 is regularly updated to reflect the evolving threat landscape, ensuring that organizations have access to the most up-to-date vulnerability information. Threatspy's integration with CVSS v4.0 keeps organizations aware of emerging threats so they can address them proactively before any intrusion occurs.

### **Conclusion: A Collaborative Approach to Vulnerability Mitigation**

Threatspy's integration of the Reachability prioritization framework and CVSS v4 delivers a robust approach to vulnerability prioritization and mitigation. This combination empowers organizations to proactively detect, prioritize, and remediate vulnerabilities, thereby bolstering their application and API security posture. By leveraging Threatspy, businesses can confidently safeguard their critical assets from potential cyber threats. To learn more about the other capabilities of Threatspy, you can request a Demo!

01-Dec-2023, 8 min read

API Security

Application Security

Learn why APIs are becoming the new battleground for application security. Explo...

## Introduction

Application programming interfaces (APIs) are the glue that holds the modern world together. They allow applications to communicate with each other, share data, and perform tasks. As a result, APIs are increasingly used to access sensitive data and systems, which makes them a prime target for cyberattacks. In 2023, APIs are becoming the new battleground for application security. Here are some of the reasons why:

- **The number of APIs is exploding:** The number of APIs in use is growing exponentially. In fact, it is estimated that there will be over 500 billion APIs in use by 2023. This growth is driven by the increasing popularity of cloud computing, microservices, and DevOps.
- **APIs are often poorly secured:** API security is often overlooked by developers, because APIs are seen as a communication layer between applications rather than as a security boundary. As a result, APIs are frequently vulnerable to a variety of attacks, such as unauthorized access, injection attacks, and denial-of-service attacks.
- **APIs are used to access sensitive data:** APIs are often used to access sensitive data such as financial information, customer data, and intellectual property. This makes them a valuable target for attackers.

The growing number of APIs, their poor security posture, and the sensitive data they often access make them a major target for cyberattacks.

## How to Mitigate API Security Risks?

There are a number of steps that organizations can take to mitigate API security risks. These include:

- **Implementing strong authentication and authorization controls:** This helps prevent unauthorized access to APIs.
- **Encrypting data in transit and at rest:** This helps protect sensitive data from being intercepted or stolen.
- **Using API security tools and services:** A number of API security tools and services are available that can help detect and prevent API attacks.
- **Training developers on API security best practices:** Developers should be trained in how to develop secure APIs.

By taking these steps, organizations can help protect their APIs and the data they access.

## How Threatspy Can Help?

Here are some of the ways Threatspy can help organizations mitigate API security risks:

- **Comprehensive security scanning:** Threatspy uses advanced heuristic algorithms to scan APIs for a wide range of vulnerabilities, including SQL injection, cross-site scripting, and denial-of-service attacks.
- **Accurate assessments:** Threatspy's scanning engine is highly accurate, minimizing false positives and giving organizations a reliable picture of their API security posture.
- **Automated remediation:** Threatspy can automatically remediate many API vulnerabilities, saving organizations time and money.
- **Seamless integration:** Threatspy integrates with a wide range of workflow apps and CI/CD pipelines, making it easy for organizations to incorporate it into their existing security processes.

**According to a recent report by Akamai, APIs are now the top target for attackers, accounting for 83% of web-related attacks.**

With Threatspy, developers can confidently release secure APIs and applications, knowing that any vulnerabilities identified can be fixed and remediated in real time. Threatspy's heuristic approach identifies both known and unknown vulnerabilities and prioritizes them with a custom-built Reachability Framework, while its Auto Remediation Playbook and Mitigation Campaign streamline the remediation process and calculate ROI. This allows organizations to identify and mitigate vulnerabilities far more rapidly than they can today. To get started with Threatspy, request a demo now!

15-Jun-2023, 3 min read