
Web Application Security Blog

Preventing Account Takeover (ATO)

POSTED BY  Mike Milner on Jan 17, 2017

Hackers are dedicated criminals. They will work hard to exploit any vulnerabilities in your website and network—because there is a lot of money in it for them when it works. One popular way of breaking into a system is to take over the account of...

TOPICS     Account Takeover

Even if You Haven't Been a Victim of Account Takeover, You're Still Vulnerable

POSTED BY  Mike Milner on Jan 12, 2017

The past few years have seen some of the world’s largest corporations fall victim to data breaches. Yahoo, LinkedIn, and Adobe, to name a few, have had to grapple with the theft of millions of user credentials. Stories like these should serve as...

TOPICS     Account Takeover  Stolen Credentials

Stop Account Takeover in its Tracks

POSTED BY  Mike Milner on Jan 10, 2017

It seems that every day we see headlines announcing a data breach that resulted in theft of information for hundreds of thousands, millions, or even billions of users. These are clearly brand-damaging headlines, and the numbers are certainly...

TOPICS     RASP  Account Takeover  Stolen Credentials

2016: AppSec Year in Review

POSTED BY  Richard April on Dec 15, 2016

Accounts taken over and credentials seriously stuffed

Credential stuffing attacks were made possible by several hacks that hit the news in 2016. Hacks like these happen in two (or more) phases, often occurring years apart. The first phase is...

TOPICS     Vulnerabilities  Application Security  Account Takeover  Stolen Credentials

Cybersecurity Draws White House Attention

POSTED BY  Maria Lee on Oct 07, 2016

During yet another week of disclosures of major data breaches at large enterprises, the White House kicked off a campaign aimed at educating Americans about how to keep login credentials secure. 

TOPICS     Account Takeover  Stolen Credentials

Week in Review: Yahoo Breach Fallout Continues; Google Tackles XSS Scripting Flaws

POSTED BY  Maria Lee on Sep 30, 2016

Yahoo continues to face severe criticism over its handling of the revelation of the 2014 theft of a half-billion customer account records, and the future of its proposed $4.8 billion merger with Verizon is unclear.

TOPICS     Account Takeover  Stolen Credentials

Web Application Risk Assessment for the C-Suite

POSTED BY  Maria Lee on Sep 29, 2016

Not too long ago, CEOs, CTOs, and CIOs could remain removed from the arcane aspects of IT security strategy setting. As the seemingly endless parade of news stories about corporate data breaches makes clear, though, those days are long gone.

TOPICS     Web Application Security  Account Takeover  Stolen Credentials

Biggest Data Breach Yet: What Are the Implications of the Yahoo Hack?

POSTED BY  Maria Lee on Sep 23, 2016

The biggest security story of this week by far was the massive data breach at Yahoo. The implications of this breach -- widely reported to be the largest of its kind in history -- will be wide-ranging and complex. As the Yahoo hack (and many...

TOPICS     Vulnerabilities  Account Takeover  Stolen Credentials

Account Takeover Attacks: An Overview

POSTED BY  Goran Begic on Sep 22, 2016

It’s a fact of life: web applications are inherently insecure. To protect your corporate information assets, your network, and your customers, the most important thing you can do is to protect your web applications. And the biggest threat to web...

TOPICS     AppSec Tools  RASP  Account Takeover

Password Woes Dominate the News This Week

POSTED BY  Maria Lee on Sep 09, 2016

In spite of repeated warnings, end-users haven’t gotten the memo about the dangers of setting passwords that are ridiculously easy to guess, such as “12345,” and reusing those passwords across numerous websites. At the same time, companies are...

TOPICS     Vulnerabilities  WAF vs. RASP  Account Takeover