<img height="1" width="1" style="display:none;" alt="" src="https://analytics.twitter.com/i/adsct?txn_id=nv7vl&amp;p_id=Twitter&amp;tw_sale_amount=0&amp;tw_order_quantity=0"> <img height="1" width="1" style="display:none;" alt="" src="//t.co/i/adsct?txn_id=nv7vl&amp;p_id=Twitter&amp;tw_sale_amount=0&amp;tw_order_quantity=0">

Web Application Security Blog

Threat Intelligence

POSTED BY  Steve Williams on Jan 24, 2017
Jan 24 2017

Websites are able to collect massive amounts of information about the people browsing them. This can be used for a wide range of analytics, including marketing, driving sales or displaying relevant adverts. However, all this information can also...

Continue Reading ›

TOPICS     Security analytics

Enterprise Information Networks and the Threat Environment

POSTED BY  Oliver Lavery on Jan 19, 2017
Jan 19 2017

Securing an enterprise information system is no trivial task. That is because today’s systems are complex and need to be viewed holistically. No longer can IT security only think of a network as a combination of components that can be protected...

Continue Reading ›

TOPICS     Application Security

Preventing Account Takeover (ATO)

POSTED BY  Mike Milner on Jan 17, 2017
Jan 17 2017

Hackers are dedicated criminals. They will work hard to exploit any vulnerabilities in your website and network—because there is a lot of money in it for them when it works. One popular way of breaking into a system is to take over the account of...

Continue Reading ›

TOPICS     Account Takeover

Even if You Haven't Been a Victim of Account Takeover, You're Still Vulnerable

POSTED BY  Mike Milner on Jan 12, 2017
Jan 12 2017

The past few years have seen some of the world’s largest corporations fall victim to data breaches. Yahoo, LinkedIn, and Adobe, to name a few, have had to grapple with the theft of millions of user credentials. Stories like these should serve as...

Continue Reading ›

TOPICS     Account Takeover  Stolen Credentials

Stop Account Takeover in its Tracks

POSTED BY  Mike Milner on Jan 10, 2017
Jan 10 2017

It seems that everyday we see headlines announcing a data breach that resulted in theft of information for hundreds of thousands, millions, or even billions of users. These are clearly brand damaging headlines, and the numbers are certainly...

Continue Reading ›

TOPICS     RASP  Account Takeover  Stolen Credentials

4 Predictions for 2017 and Beyond

POSTED BY  Zaid Al Hamami on Jan 05, 2017
Jan 05 2017

1. Runtime Security Instrumentation finds more adoption

I talked previously about application runtime security instrumentation, of which IAST/RASP are the most well known applications. Both IAST/RASP, as well as application runtime security...

Continue Reading ›

TOPICS     AppSec Tools  RASP  Web Application Security

IAST, RASP, and Runtime Instrumentation

POSTED BY  Zaid Al Hamami on Jan 03, 2017
Jan 03 2017

The Application Security Testing (AST) technology market is made up of the following categories:

Continue Reading ›

TOPICS     Application Security  RASP

Web Application Health

POSTED BY  Mike Milner on Dec 22, 2016
Dec 22 2016

The reality of today’s world is that there is no clear perimeter to an organization’s information systems. That means that controlling the network edge is no longer the way to effectively secure web applications or an entire system. Access...

Continue Reading ›

TOPICS     RASP  Web Application Security

Bot Fingerprinting

POSTED BY  Mike Milner on Dec 20, 2016
Dec 20 2016

A web bot is designed to make life on the web easier; a script that automates repetitive tasks and does them much faster than a human could. This speed is often how you can tell who or what is interacting with your site: bot or human. And when it...

Continue Reading ›

TOPICS     Vulnerabilities  Web Application Security

2016: AppSec Year in Review

POSTED BY  Richard April on Dec 15, 2016
Dec 15 2016

Accounts taken over and credentials seriously stuffed

Credential stuffing attacks were made possible by several hacks that hit the news in 2016. Hacks like these happen in two (or more) phases, often occurring years apart. The first phase is...

Continue Reading ›

TOPICS     Vulnerabilities  Application Security  Account Takeover  Stolen Credentials