{"id":42634,"date":"2021-05-26T00:00:00","date_gmt":"2021-05-26T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/e\/simple-application-security-integrations-for-devops.html"},"modified":"2021-05-26T00:00:00","modified_gmt":"2021-05-26T00:00:00","slug":"simple-application-security-integrations-for-devops-threat-researcher","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/","title":{"rendered":"Simple Application Security Integrations for DevOps Threat Researcher"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/why-devops-teams-need-to-improve-application-security.jpg\"><!-- Begin mPulse library --><!-- END mPulse library --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\" content=\"Integrate application security into your development process for a stress-free build.\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"how to,serverless security,article,multi cloud\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"defaultArticleWithoutHero\"> <meta property=\"article:published_time\" content=\"2021-05-26\"> <meta property=\"article:tag\" content=\"serverless security\"> <meta property=\"article:section\" content=\"how to\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/e\/simple-application-security-integrations-for-devops.html\"> <title>Application Security Integrations for DevOps<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/e\/simple-application-security-integrations-for-devops.html\"><br \/>\n<meta property=\"og:title\" content=\"Application Security Integrations for DevOps\"><br \/>\n<meta property=\"og:description\" content=\"Integrate application security into your development process for a stress-free build.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/why-devops-teams-need-to-improve-application-security.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Application Security Integrations for DevOps\"><br \/>\n<meta name=\"twitter:description\" content=\"Integrate application security into your development process for a stress-free build.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/why-devops-teams-need-to-improve-application-security.jpg\"> <\/head> <body class=\"articlepage page basicpage context-business context-devops\" id=\"readabilityBody\" readability=\"50.916093535076\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"228796387\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"7.7400722021661\">\n<div class=\"article-details\" role=\"heading\" readability=\"34.830324909747\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Serverless Security<\/p>\n<p class=\"article-details__description\">Explore why application security matters and how you can integrate it into your build process without added stress or interruption.<\/p>\n<p class=\"article-details__author-by\">By: Yash Verma <time class=\"article-details__date\">May 26, 2021<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"40.86118746564\">\n<div readability=\"27.568993952721\">\n<p>Time is of the essence when building in the cloud, as organizations need DevOps teams to develop and deploy quickly to keep up with business and consumer needs. You may already be building like the wind, but application security keeps standing in the way. You know you need to improve it\u2014but you\u2019re looking for a way to do so without interrupting your workflow.<\/p>\n<p>One way is to use runtime application self-protection, a security technology that kicks in when the application starts to run in order to detect and block threats in real-time. Trend Micro Cloud One\u2122 \u2013 Application Security is designed to work in environments where traditional security cannot be deployed, like serverless and containerized applications, due to absence of an underlying host. By hooking into your framework at key points, it can detect and exploit attempts to immediately prevent hacks and identify vulnerabilities such as remote command execution, illegal file access, malicious file uploads, and more.<\/p>\n<p><b><span class=\"body-subhead-title\">Advantages of Using Application Security<\/span><\/b><\/p>\n<ol>\n<li>Easy and quick to deploy.<\/li>\n<li>Deploys across just about any architecture and network topology.<\/li>\n<li>Runs fast since all protection takes place inside the application directly, eliminating network latency<\/li>\n<li>More reliable high-level alerts\u2014only concerned with exploitable vulnerabilities specific to your application<\/li>\n<li>Supports secure sockets layer (SSL) tunneling and termination.<\/li>\n<li>Protects the web application from most of the <a href=\"https:\/\/owasp.org\/www-project-top-ten\/\" target=\"_blank\" rel=\"noopener\"><u>OWASP Top 10 Vulnerabilities<\/u><\/a> like standard query language (SQL) Injections, sensitive data exposure, XML External Entities (XXE), and more.<\/li>\n<li>Protects the application from third-party open source software vulnerabilities, specifically the unknown ones that fly under the radar of common open source vulnerability scanners.<\/li>\n<\/ol>\n<p><b><span class=\"body-subhead-title\">Protection Policies Provided in Application Security<\/span><\/b><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image1.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"35\">\n<div readability=\"15\">\n<p>As you see here, there are different protection policies provided for all the application vulnerabilities possible. You can either choose to just detect the attacks (option: Report) or prevent the attack (option: Mitigate). Let&#8217;s walk through different vulnerabilities that policies can detect:<\/p>\n<p>1. <u>Malicious Payload<\/u><\/p>\n<p>This is an attack component like ransomware or worms. Malicious payloads are dangerous because they remain inactive until activated, essentially camouflaging amongst your infrastructure until signaled to attack.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image2.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>You can select which Trend Micro Intrusion Prevention System (IPS) rule you want to apply here in this policy.<\/p>\n<p>2. <u>SQL Injection<\/u><\/p>\n<p>This policy finds any SQL Injections lurking in your application. An SQL Injection is one of the most common web hacking techniques; it places malicious code in SQL statements (usernames and user IDs).<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image3.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>You can also choose which detection algorithm you want active to detect SQL Injections.<\/p>\n<p>3. <u>Illegal File Access<\/u><\/p>\n<p>This policy detects any file access (Read and Write) that is restricted based on the default rules or customized rules that you have set up.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image4.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35\">\n<div readability=\"15\">\n<p>You can write your own rules or enable\/disable existing rules from here.<\/p>\n<p>4. <u>Remote Command Execution<\/u><\/p>\n<p>This is when an attacker runs any malicious code of their choosing with system-level privileges on any vulnerable server. Once the server has been exploited, the attacker can gain access to all private data and information on that server. You can detect this dangerous threat by applying the detection algorithm with customized rules.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image5.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>5. <u>Open Redirect<\/u><\/p>\n<p>An open redirect is when attackers change the URL accessed by the customer to redirect to their web server. This is often used in phishing emails, where customers are prompted to click a link with a supposedly trustworthy name that in actuality leads them to a malicious website.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image6.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36\">\n<div readability=\"17\">\n<p>You can write your custom rules or enable\/disable existing rules from here.<\/p>\n<p>6. <u>Malicious File Upload<\/u><\/p>\n<p>When invalidated files are uploaded on vulnerable servers, they can execute malicious script on the server-side to either upload phishing pages that extract users\u2019 data, grant access to other illegal software, or gain control of the server to scrape valuable data. This policy scans for any malicious files potentially uploaded to your application, checks the file size, and blocks it based on the threshold provided by you.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image7.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34\">\n<div readability=\"13\">\n<p>7. <u>IP Protection<\/u><\/p>\n<p>An IP address is essentially your internet address\u2014the exact location where you receive emails, browse the web, etc. When websites have access to your IP address, it can potentially be sold to third parties without your consent and be used by malicious actors to spy on you. Protecting your IP address by utilizing IP and subnet filtering or whitelisting is essential keep cybercriminals from gaining access to valuable data. &nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image8.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"45.403397027601\">\n<div readability=\"37.675159235669\">\n<p>You can add new rules here, specifying a single IP or a subnet to filter or whitelist.<\/p>\n<p><b><span class=\"body-subhead-title\"><u>On Host Web Application Used for Attack Demo<\/u><\/span><\/b><\/p>\n<p>Okay, now that we\u2019ve covered the basics of Application Security, let\u2019s take a look at how it works in real-time. For this demo, we are using a Damn Vulnerable Web Application (DVWA). This is a PHP\/MySQL web application that is, you guessed it, damn vulnerable. DVWA provides security professionals a chance to test their skills and tools in a legal environment. It also helps web developers better understanding the process of securing web applications in a dummy, no-pressure environment. Want to try it for yourself? <a href=\"https:\/\/github.com\/digininja\/DVWA\" target=\"_blank\" rel=\"noopener\"><u>Click here<\/u><\/a>.<\/p>\n<p>For our demo purpose we have deployed DVWA on host. Please note that this application is vulnerable to several kinds of attacks, so we advise you don\u2019t deploy it to any public servers or production environments.<\/p>\n<p>Let\u2019s start with setting up Application Security with DVWA:<\/p>\n<p><b><span class=\"body-subhead-title\"><u>Application Security Integration with DVWA<\/u><\/span><\/b><\/p>\n<p>Since DVWA is based on PHP, we install <u><a href=\"https:\/\/cloudone.trendmicro.com\/docs\/application-security\/php\/\" target=\"_blank\" rel=\"noopener\">a PHP-based Application Security agent<\/a><\/u> on the Amazon Elastic Compute Cloud (EC2) instance we want to manage.<\/p>\n<p>1. Stop the <b>httpd\/apache2<\/b> service.<br \/>2. Copy the downloaded <b>trend_app_protect-*.so<\/b> into the PHP extension directory.<br \/>3. Edit the php.ini file currently being used by PHP. To find the file path of php.ini being used, run the command <b>php &#8211;ini<\/b> and look for Loaded Configuration File.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image9.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>4. Populate the php.ini file with the extension name and the Application Key and Secret (which you can find from the Application Security console). Be careful about any whitespaces that maybe added while copying and pasting the key and secret from the Application console.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image10.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.482105263158\">\n<div readability=\"15.090526315789\">\n<p>5. After step 4 is completed, you might also need to add <a href=\"https:\/\/agent-manager.prod.im7.io\/\" target=\"_blank\" rel=\"noopener\">trend_app_protect.hello_url<\/a> in the php.ini file, as shown in the above image. After doing so, save the file and restart the <b>httpd\/apache2<\/b> service, along with the <b>PHP-FPM<\/b> service.<br \/>6. Send a simple HTTP request or, just access the website from your browser for the hosted DVWA application to activate the agent.<br \/>7. Now, you should see triggers on the Application Security console. The status should turn green from grey.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image11.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>8. When you trigger any module from the Application Security console, you will get the status as <b>Attacks Ongoing<\/b> and the color changes to red.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image12.jpg\" alt=\"8.\tWhen you trigger any module from the Application Security console, you will get the status as Attacks Ongoing and the color changes to red. \"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.5\">\n<div readability=\"14\">\n<p><b><span class=\"body-subhead-title\"><u>Proof of Concept Demo<\/u><\/span><\/b><\/p>\n<p>Now that Application Security is up and running on the DVWA, we\u2019ll take a look at what types of attacks it will find. For the purpose of this demo, Application Security is kept in detect mode. You can also opt to keep it in block mode, which will block all the attacks.<\/p>\n<p>1. <u>VULNERABILITY<\/u>: OS Command Injection<\/p>\n<p><u>Attack:<\/u><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image13.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>As you can see with the payload <b>8.8.8.8; cat \/etc\/passwd<\/b>, we are able to exfiltrate contents of the <b>passwd<\/b> file that stored users\u2019 confidential info.<\/p>\n<p><u>Detections: Yes<\/u><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image14.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image15.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p><u>Module<\/u>: Remote Command Execution, Malicious Payload<\/p>\n<p>2.&nbsp;<u>VULNERABILITY:<\/u> File Inclusion<\/p>\n<p><u>Attack:<\/u><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image16.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>We are exploiting the vulnerability by incorporating directory traversal payload ..\/..\/..\/..\/..\/..\/etc\/passwd to exfiltrate contents of the password file for user information.<\/p>\n<p><u>Detections: Yes<\/u><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image17.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image18.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p><u>Module<\/u>: Malicious Payload, Illegal File Access<\/p>\n<p>3. <u>VULNERABILITY:<\/u> Malicious File Upload<\/p>\n<p><u>Attack:<\/u><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image19.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>We are exploiting the vulnerability by uploading a malicious file in the application to perform further attacks.<\/p>\n<p><u>Detections: Yes<\/u><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image20.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p><u>Module<\/u>: Malicious File Upload<\/p>\n<p>4. <u>VULNERABILITY:<\/u> SQL Injection<\/p>\n<p><u>Attack:<\/u><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image21.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>We are exploiting the vulnerability by putting the payload&nbsp; <b>1%27+or+1+%3D+1+union+select+user%2Cpassword+from+users%23&amp;Submit=Submit<\/b> in user input to extract usernames and passwords stored in the database.<\/p>\n<p><u>Detections: Yes<\/u><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/e\/why-devops-teams-need-to-improve-application-security\/image22.jpg\" alt=\"Why DevOps Teams Need to Improve Application Security\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.449320148331\">\n<div readability=\"22.754017305315\">\n<p><u>Module<\/u>: Malicious Payload<\/p>\n<p><b><span class=\"body-subhead-title\"><u>Conclusion<\/u><\/span><\/b><\/p>\n<p>As seen in the demo, Application Security is effective at detecting and thwarting advanced threats and vulnerabilities that could cause harm. By implementing Application Security early in the development phase, you can make minor corrections throughout the build process and deploy with full confidence that your app is as strong as possible.<\/p>\n<p>Not only do you reap the security benefits of using an automated, integrated solution like Application Security, but you also strengthen the DevOps culture of collaboration between teams. With everyone on the same team, you can cross the finish line more efficiently and without as much stress.<\/p>\n<p>Curious to try it for yourself? Start your <a href=\"https:\/\/cloudone.trendmicro.com\/SignUp.screen\" target=\"_blank\" rel=\"noopener\"><u>free 30-day trial today<\/u><\/a>. You can also watch <u><a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/business\/products\/hybrid-cloud\/cloud-one-application-security\/cloud-one-application-security-demo-aws-lambda.mp4\"><span class=\"bs-modal\">serverless<\/span><\/a><\/u>&nbsp;and <u><a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/business\/products\/hybrid-cloud\/cloud-one-application-security\/cloud-one-application-security-demo-aws-fargate.mp4\"><span class=\"bs-modal\">container<\/span><\/a><\/u>&nbsp;demos to learn more.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"devopsrc-1be83f\" href=\"https:\/\/cloudone.trendmicro.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/trial-banners\/cloud-one-trial-banner.jpg\" alt=\"cloud-one-trial\"> <\/a> <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/e\/simple-application-security-integrations-for-devops.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Explore why application security matters and how you can integrate it into your build process without added stress or interruption. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42635,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9503,9571,9507,9608],"class_list":["post-42634","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-devops-article","tag-trend-micro-devops-how-to","tag-trend-micro-devops-multi-cloud","tag-trend-micro-devops-serverless-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Simple Application Security Integrations for DevOps Threat Researcher 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Simple Application Security Integrations for DevOps Threat Researcher 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-26T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1090\" \/>\n\t<meta property=\"og:image:height\" content=\"482\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Simple Application Security Integrations for DevOps Threat Researcher\",\"datePublished\":\"2021-05-26T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/\"},\"wordCount\":1481,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg\",\"keywords\":[\"Trend Micro DevOps : Article\",\"Trend Micro DevOps : How To\",\"Trend Micro DevOps : Multi Cloud\",\"Trend Micro DevOps : Serverless Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/\",\"name\":\"Simple Application Security Integrations for DevOps Threat Researcher 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg\",\"datePublished\":\"2021-05-26T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg\",\"width\":1090,\"height\":482},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro DevOps : Article\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-devops-article\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Simple Application Security Integrations for DevOps Threat Researcher\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Simple Application Security Integrations for DevOps Threat Researcher 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/","og_locale":"en_US","og_type":"article","og_title":"Simple Application Security Integrations for DevOps Threat Researcher 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-26T00:00:00+00:00","og_image":[{"width":1090,"height":482,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Simple Application Security Integrations for DevOps Threat Researcher","datePublished":"2021-05-26T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/"},"wordCount":1481,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg","keywords":["Trend Micro DevOps : Article","Trend Micro DevOps : How To","Trend Micro DevOps : Multi Cloud","Trend Micro DevOps : Serverless Security"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/","url":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/","name":"Simple Application Security Integrations for DevOps Threat Researcher 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg","datePublished":"2021-05-26T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/simple-application-security-integrations-for-devops-threat-researcher.jpg","width":1090,"height":482},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/simple-application-security-integrations-for-devops-threat-researcher\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro DevOps : Article","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-devops-article\/"},{"@type":"ListItem","position":3,"name":"Simple Application Security Integrations for DevOps Threat Researcher"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42634"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42634\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42635"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}