In the third and final article of our series on the OWASP Top 10 Web Application Security Risks, we’ll explore the lesser-known risks that Rails web application developers face from security misconfiguration, JSON escaping, and related threats.
The world is a digital place today. We fulfil most of our work, social and family tasks virtually, using the internet. The technology is now so universal, with so few barriers to entry, that practically anyone can connect to this global grid, no matter their technical skills. However, there is a flip side. Many people lack security awareness and knowledge, which can have drastic impacts on their social and financial life.
Before exposing your company’s APIs, your highest priority should be to ensure the security, governance and reliability of those APIs. To do so, you’ll need to use an API gateway as a single secure entry point for API consumers rather than allowing direct access to APIs. Kong Gateway can help manage the full lifecycle of services and APIs as well as secure and govern the access to those APIs within an API platform.
The right set of tools helps businesses utilize data to drive insights and value. But balancing a strong layer of security and governance with easy access to data for all users is no easy task. Retrofitting existing solutions to ever-changing policy and security demands is one option. Another option — a more rewarding one — is to include centralized data management, security, and governance into data projects from the start.
A new vulnerability that impacts devices and applications that use Java has been identified in Log4j, the open-source Apache logging library. Known as Log4Shell, the flaw is the most significant security vulnerability currently on the internet, with a severity score of 10-out-of-10. Fortunately, Perforce static analysis and SAST tools — Helix QAC and Klocwork — can help.
If you’ve been online at all this week, chances are that you’ve heard about the Log4Shell zero-day (CVE-2021-44228) in Log4j, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target’s machine. I know the first question that you all have is: “Is Kong affected by Log4Shell?” Let’s start with the good news: No Kong products are affected by this Log4j vulnerability.
Here at Appian, we have experienced tremendous growth in the past few years by helping our customers solve their most important business problems faster. We do this by providing a low-code platform that brings together humans, systems, and most recently, robots in support of any mission.