Web application security News
September 15, 2017
Equifax has confirmed an unpatched critical Apache Struts vulnerability was exploited in the breach that compromised the personal data of 143 million U.S. citizens.
September 08, 2017
A massive Equifax breach, which was discovered in July, exposed the personal information, including names, birth dates and Social Security numbers, of 143 million Americans.
August 04, 2017
New features in the Windows 10 Fall Creators Update link PCs and smartphones, making users more productive. But they present some security issues for IT to worry about.
April 28, 2017
Basic cybersecurity measures like limiting password reuse and implementing multifactor authentication could be big benefits, according to the Verizon DBIR 2017.
Web application security Get Started
Bring yourself up to speed with our introductory content
AWS Shield is a security service that protects web applications hosted on the Amazon Web Services public cloud against distributed denial of service (DDoS) attacks.
In this excerpt from chapter 8 of Hacking Web Intelligence, authors Sudhanshu Chauhan and Nutan Panda discuss how to be anonymous on the internet using proxy.
In this screencast video, Keith Barker of CBT Nuggets offers a tutorial on how to perform a thorough Web application security scan using w3af.
Evaluate Web application security Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Google's OSS-Fuzz is an open source vulnerability scanner. Expert Matthew Pascucci looks at how developers can take advantage of this tool and others like it.
Expert Bill Hayes takes a look at Blue Coat DLP, a single appliance data loss prevention system that works with the company's web security gateway products.
Secure web apps are essential to business. Everyday interactions rely on them, which means security flaws in apps have serious ramifications for enterprises. Most studies conclude that more than half of web applications have critical security vulnerabilities -- but they're not fancy threats; they're things like cross-site scripting and SQL injection.
In this Insider Edition of Information Security magazine, we explore how to secure web apps, beginning with Mike Chapple's report on security experts' practical advice on web app security in general and recommendations from the Open Web Application Security Project (OWASP) in particular. Alan Earls then considers the impact of mergers and acquisitions on web application security. Finally, Marcus Ranum talks to Veracode's chief strategy officer about many things, including ways infosec pros and CISOs can prevent app security breaches.
Readers will come away with a deeper understanding of the challenge of web app security and with practical advice on how to achieve it.
Manage Web application security
Learn to apply best practices and optimize your operations.
Web application security is crucial, but enterprises also need to look below that layer for web server vulnerabilities. Kevin Beaver explains how to look for common weaknesses.
A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to avoid it.
In this excerpt from chapter three of Safety of Web Applications, author Eric Quinton discusses symmetric and asymmetric encryption.
Problem Solve Web application security Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Adobe Flash's end of life is coming, but there are some HTML5 vulnerabilities enterprises should be aware of before making the switch. Expert Judith Myerson outlines the risks.
Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them.
A series of logic flaws in Moodle enabled attackers to remotely execute code on servers. Expert Michael Cobb explains how the Moodle security vulnerability can be exploited.