April's report is focused on web application security, what we keep finding, and why it matters.
What's covered in this edition:
- Threat spotlight on broken access controls (still top of the OWASP Top 10 for a reason)
- Stats from our application testing
- Four case studies including the youX breach (444,000 Australians exposed through an unsecured MongoDB cluster)
- The Axios npm supply chain compromise, where a North Korean actor backdoored a package with 70 million weekly downloads
- Hardening tips covering API authorisation and dependency auditing - leading to conversations around product, TAS or GRC projects