The breaches will continue until appsec improves. Janet Worthington and Sandy Carielli share their latest research on breaches from 2024, WAFs in 2025, and where secure by design fits into all this. WAFs are delivering value in a way that orgs are relying on them more for bot management and fraud detection. But adopting phishing-resistant authentication solutions like passkeys and deploying WAFs still seem peripheral to secure by design principles. We discuss what's necessary for establishing a secure environment and why so many orgs still look to tools. And with LLMs writing so much code, we continue to look for ways LLMs can help appsec in addition to all the ways LLMs keep recreating appsec problems.
Resources
- https://www.forrester.com/blogs/breaches-and-lawsuits-and-fines-oh-my-what-we-learned-the-hard-way-from-2024/
- https://www.forrester.com/blogs/wafs-are-now-the-center-of-application-protection-suites/
- https://www.forrester.com/blogs/are-you-making-these-devsecops-mistakes-the-four-phases-you-need-to-know-before-your-code-becomes-your-vulnerability/
In the news, crates.io logging mistake shows the errors of missing redactions, LLMs give us slopsquatting as a variation on typosquatting, CaMeL kicks sand on prompt injection attacks, using NTLM flaws as lessons for authentication designs, tradeoffs between containers and WebAssembly, research gaps in the world of Programmable Logic Controllers, and more!
Sandy advises security and risk professionals on application and product security, with a particular emphasis on the collaboration among security and risk, product management, application development, operations, and business teams. Her research covers topics such as proactive security design, protecting modern and emerging application architectures, protection of applications in production environments, and embedding security throughout the product lifecycle.
Janet Worthington is a Senior Analyst for Security & Risk at Forrester. Janet covers product security, software supply chain, Open Source security, and DevSecOps. Janet’s background is in product management and application security.
Security Weekly listeners save $100 on their RSAC Conference 2025 Full Conference Pass! RSA Conference will take place April 28 to May 1 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac25 and use the code 5U5SECWEEKLY! We hope to see you there!
Adrian Sanabria, host of Enterprise Security Weekly, will be running a panelcast with Fastly, titled Security Without Speed Bumps: Using WAF Simulator to Transform DevSecOps Workflows. Join him for this exciting webcast on April 16th. To register for this panelcast, go to securityweekly.com/WAF
Mike Shema
- crates.io security incident: improperly stored session cookies
Another entry in the saga of know what to redact in your logs. Make sure your error messages are informative, but not a liability.
- CaMeL offers a promising new direction for mitigating prompt injection attacks
Finally something interesting on the prompt injection front! Mostly because it's about how to defend against the class of attacks as opposed to adding more trivia to the world of payloads.
It's also a good reminder that it's ok for security analysis to be nondeterministic, but security barriers must be deterministic. LLMs are inherently nondeterministic, which is why this approach embraces a subset of Python in order to establish a reliable control that can be effectively reasoned about.
It won't put an end to all prompt injection, but it's a meaningful improvement.
Check out the research paper for more details.
- The Rise of Slopsquatting: How AI Hallucinations Are Fueling a New Class of Supply Chain Attacks
This post relates to research on LLM hallucinations coming up in this year's USENIX Security Symposium.
We're trading the human-generated typos for typosquatting with the LLM-generated slop for slopsquatting. Lots of orgs move to curated mirrors of package repositories in order to avoid the class of typosquatting attacks (and its peer of dependency confusion). That approach should protect those orgs from this class of attack as well.
This also appeared on the Risky Bulletin.
- The Renaissance of NTLM Relay Attacks: Everything You Need to Know | by Elad Shamir | Apr, 2025
I grabbed this article for two reasons. One, it's a nice overview of NTLMv1 and v2, their history, and their major design flaws.
Those design flaws are good lessons to consider when implementing OAuth2, OIDC, and all the authentication and authorization connections for connecting LLMs to APIs and CLIs.
- Components vs. Containers: Fight? | CNCF
I've been looking for more examples of where WASM and WebAssembly have been adopted. Ignore the Thunderdome pandering of two choices enter, one choice leaves.
Focus on the considerations of performance, efficiency, and reliability and then tack on the security potential of resource isolation and security boundaries.
- SoK: Security of Programmable Logic Controllers
It's like insecure design is pervasive through the world of PLCs and that most of the security research is just looking at a small subset of devices and techniques.
I suspect a major challenge here is how to have an effective bug bounty program around these devices.
The paper also noted the lack of defenses associated with recovering from an attack, with only 6% of the defenses they reviewed relevant to this area. They note, "This means that in the event of a successful attack there are limited options to recover and bring the PLC back to operation."
That kind of challenge easily falls into the more general aspect of resiliency that security teams should be partnering with their SREs and DevOps teams to talk about and improve.
- [FYI] Kubernetes hardening made easy: Running CIS Benchmarks with kube-bench | CNCF
I was initially going to reference this an example of the kind of PDF hardening guide that is better handled by more secure designs and defaults. The good thing is that it also comes with some benchmarking tools to help automate the k8s hardening. That's a decent step towards not having to require such hardening in the first place -- or inverting the approach to have an initially hardened k8s environment followed by a "weakening" tool that changes features and config settings as needed.
Kalyani Pawar
- MCP Security: Tool Poisoning Attacks
Tool Poisoning Attacks exploit AI’s trust in external tools. An attacker secretly hides malicious instructions inside tool descriptions, instructions the AI can see but the user never notices. For example, a seemingly harmless calculator tool might actually instruct the AI to secretly steal sensitive files or hijack your email. Once again, input validation for the win!
