Web Application Security Blog

Even if You Haven't Been a Victim of Account Takeover, You're Still Vulnerable

POSTED BY  Mike Milner on Jan 12, 2017

The past few years have seen some of the world’s largest corporations fall victim to data breaches. Yahoo, LinkedIn, and Adobe, to name a few, have had to grapple with the theft of millions of user credentials. Stories like these should serve as...

TOPICS: Account Takeover, Stolen Credentials

Stop Account Takeover in its Tracks

POSTED BY  Mike Milner on Jan 10, 2017

It seems that every day we see headlines announcing a data breach that resulted in theft of information for hundreds of thousands, millions, or even billions of users. These are clearly brand-damaging headlines, and the numbers are certainly...

TOPICS: RASP, Account Takeover, Stolen Credentials

4 Predictions for 2017 and Beyond

POSTED BY  Zaid Al Hamami on Jan 05, 2017

1. Runtime Security Instrumentation finds more adoption

I talked previously about application runtime security instrumentation, of which IAST/RASP are the most well known applications. Both IAST/RASP, as well as application runtime security...

TOPICS: AppSec Tools, RASP, Web Application Security

IAST, RASP, and Runtime Instrumentation

POSTED BY  Zaid Al Hamami on Jan 03, 2017

The Application Security Testing (AST) technology market is made up of the following categories:

TOPICS: Application Security, RASP

Web Application Health

POSTED BY  Mike Milner on Dec 22, 2016

The reality of today’s world is that there is no clear perimeter to an organization’s information systems. That means that controlling the network edge is no longer the way to effectively secure web applications or an entire system. Access...

TOPICS: RASP, Web Application Security

Bot Fingerprinting

POSTED BY  Mike Milner on Dec 20, 2016

A web bot is designed to make life on the web easier; a script that automates repetitive tasks and does them much faster than a human could. This speed is often how you can tell who or what is interacting with your site: bot or human. And when it...

TOPICS: Vulnerabilities, Web Application Security

2016: AppSec Year in Review

POSTED BY  Richard April on Dec 15, 2016

Accounts taken over and credentials seriously stuffed

Credential stuffing attacks were made possible by several hacks that hit the news in 2016. Hacks like these happen in two (or more) phases, often occurring years apart. The first phase is...

TOPICS: Vulnerabilities, Application Security, Account Takeover, Stolen Credentials

RASP and Security Against Internal Breaches

POSTED BY  Mike Milner on Dec 13, 2016

As companies consider their application security posture, it is critical to remember that breaches can come from both outside and inside the company and its trust boundaries. Internal threats require just as much protection as external risks.

TOPICS: Insider, Application Security, RASP

API Security: An Overview

POSTED BY  Goran Begic on Dec 06, 2016

Many modern web or mobile applications use an application programming interface (API) on the back end. As a set of tools and protocols that enable developers to provide flexibility and scalability in the front end applications, APIs are an...

TOPICS: Web Application Security

The Relationship Between RASP, Mobile Apps, and Web Service Infrastructure

POSTED BY  Mike Milner on Dec 01, 2016

Mobile applications do not run on their own—almost every useful app is backed by one or more web services running in the background to perform most actions and to link them to enterprise systems. Even though you don’t really see this part, your...

TOPICS: Vulnerabilities, RASP, Web Application Security, Mobile App Security