Web Application Security Blog

IMMUNIO Joins Forces with Trend Micro!

The Struts Saga Continues: Groundhog Day All Over Again

Will it Pwn CVE-2017-5638: Remote Code Execution in Apache Struts 2?

CVE-2017-5638 - Groundhog Day

Using RASP to Make Bug Bounty Programs More Efficient

Why Target the Application Layer

Improve Productivity Across Your Organization with RASP

Why Signature Based Security is Only the First Step

How External Dependencies Put Your Apps at Risk

Ready to be Hacked: Incident Response

Sundance Hack Acts as a Warning to Small and Mid Sized Businesses

Threat Intelligence

Enterprise Information Networks and the Threat Environment

Preventing Account Takeover (ATO)

Even if You Haven't Been a Victim of Account Takeover, You're Still Vulnerable

Stop Account Takeover in its Tracks

4 Predictions for 2017 and Beyond

IAST, RASP, and Runtime Instrumentation

Web Application Health

Bot Fingerprinting

2016: AppSec Year in Review

RASP and Security Against Internal Breaches

API Security: An Overview

The Relationship Between RASP, Mobile Apps, and Web Service Infrastructure

Framework Security: Building Self-Protecting Applications

RASP Adoption: A View From the Trenches (Part 3)

Is RASP Scalable?

RASP Adoption: A View From the Trenches (Part 2)

The Contrast Between Today's RASP Approaches

RASP Adoption: A View From The Trenches (Part 1)

What is the Network Perimeter, Anyway?

How to Build Security into the QA Cycle

Two weeks, two continents, two conferences: AppSecUSA vs. DevSecCon

Changing the AppSec Paradigm

You’ve Been Hacked: Why Web Application Security Programs Should Start with RASP

Going Beyond WAFs: Targeted, Accurate, Real-Time Application Protection

How RASP Works: A Primer

Web Application Security Intelligence: Making Security Analytics Even More Powerful

Cybersecurity Draws White House Attention

What You Need to Know About Security for Python, Ruby, and Node.JS

4 Steps to DevOps Success in the Cloud

Week in Review: Yahoo Breach Fallout Continues; Google Tackles XSS Scripting Flaws

Web Application Risk Assessment for the C-Suite

How to Engage Developers in App Security

Biggest Data Breach Yet: What Are the Implications of the Yahoo Hack?

Account Takeover Attacks: An Overview

Why You Should Automate Security in Agile Development

Vulnerabilities in the News This Week

Securing Ruby on Rails Web Apps: What You Need to Know

Who’s Responsible for Weak Passwords?

Password Woes Dominate the News This Week

Automated Mobile App Security Testing with MobSF: An Overview

IoT Botnets: Is Your Website at Risk?

GoSec: Emerging Threats Take Center Stage

Will it Pwn? CVE-2016-6316

Five Myths of Web Application Security

Understanding RASP: A New Guide from Securosis

The State of Application Security: Silos and IT Skills Shortages

Reducing the Security Threat from Legacy Apps

Metasecurity: Beyond Patching Vulnerabilities

The Changing Landscape of Application Security at Black Hat USA 2016

Vulnerabilities Old and New Dominate the News this Week

Protecting the Web from Within

Datadog Adds Real-Time Security Monitoring with IMMUNIO

Web Application Security Risks: The End-User Factor

How RASP Works in a DevOps Environment

Building Security into the Software Development Lifecycle

The 5 Most Important Things to Know About RASP

Will Security Concerns Hinder Cloud Adoption?

The Basics of Application Security

Application Defense in Depth – Making your Applications First Class Citizens

Recent Rash of Node.js Vulns Highlights Need for Runtime Protection

Hacking Happens: Stolen Credentials

10 Most Common Web Security Vulnerabilities

Death, Taxes, and Data Breaches

The Human Factor and Cardinal Sins of Web Application Protection

How IMMUNIO Works - a Video Short Demonstration

Reducing Your Breach Risk

Evaluating Web Application Security: What You Need to Know From Prospective Vendors

Runtime is the Future of Web Application Security

Web Application Security and PCI Compliance – Monitoring is Not Enough

Web Application Security: Four Fundamental Truths

Live Q/A: RASP is Ready to Replace WAF

New Rails Vulnerabilities, January 2016

Rails Patch Tuesday?

Zero False Positive XSS Detection

Benefits of stream processing for experiments

The Application Security Mindset

FutureStack 2015: Security is important for New Relic customers

Rails, SQL Injection, and You: What is SQL injection?

This Week In The App Club: RailsGoat!

Be careful signing/encrypting Rails cookies

Implementing System Tests

Rails Integration Testing with Docker

Reduced Downtime with Marathon Deploys

Will It Pwn? CVE-2014-0130