Web Application Security Blog

Why Signature Based Security is Only the First Step

POSTED BY  Richard April on Feb 07, 2017

Think of the security infrastructure of your application as its doctor. When working properly, it diagnoses threats to your system and prescribes the right course of action to keep that threat from infecting your application - much the way your...

TOPICS     AppSec Tools  WAF vs. RASP

4 Predictions for 2017 and Beyond

POSTED BY  Zaid Al Hamami on Jan 05, 2017

1. Runtime Security Instrumentation finds more adoption

I talked previously about application runtime security instrumentation, of which IAST/RASP are the most well known applications. Both IAST/RASP, as well as application runtime security...

TOPICS     AppSec Tools  RASP  Web Application Security

You’ve Been Hacked: Why Web Application Security Programs Should Start with RASP

POSTED BY  Goran Begic on Oct 20, 2016

Web applications help trusted users navigate your site and your content. They also provide direct entrée into your system for those who wish to harm your organization. If your web applications aren’t secure, neither are you. As hackers begin to...

TOPICS     AppSec Tools  RASP  Web Application Security

Going Beyond WAFs: Targeted, Accurate, Real-Time Application Protection

POSTED BY  Richard April on Oct 18, 2016

New threats to web applications are emerging all the time. Your organization’s defenses need to keep pace with these new threats. Organizations that rely primarily on Web Application Firewalls (WAFs) to safeguard against common application...

TOPICS     Application Security  AppSec Tools  WAF vs. RASP

Web Application Security Intelligence: Making Security Analytics Even More Powerful

POSTED BY  Goran Begic on Oct 11, 2016

Web applications remain the number one source of data breaches, as researchers at Verizon found in their 2016 Data Breach Investigations Report. But application security operations and best practices have not evolved to keep up with the rapid...

TOPICS     AppSec Tools  Web Application Security  Security analytics

Account Takeover Attacks: An Overview

POSTED BY  Goran Begic on Sep 22, 2016

It’s a fact of life: web applications are inherently insecure. To protect your corporate information assets, your network, and your customers, the most important thing you can do is to protect your web applications. And the biggest threat to web...

TOPICS     AppSec Tools  RASP  Account Takeover

Automated Mobile App Security Testing with MobSF: An Overview

POSTED BY  Ajin Abraham on Sep 08, 2016


Recently I had the opportunity to discuss automated security testing of mobile applications at OWASP’s AppSec Europe 16 conference. My presentation centered on the top challenges facing mobile app pentesters, mobile malware analysts,...

TOPICS     AppSec Tools  RASP  Mobile App Security

Will it Pwn? CVE-2016-6316

POSTED BY  Ajin Abraham on Sep 01, 2016

Rails is again affected by a major CVE, a potential cross-site scripting vulnerability (XSS) arising from a flaw in Rails’ ActionView component. The ID of the newly-identified CVE is CVE-2016-6316.

TOPICS     AppSec Tools  RASP  Web Application Security  Ruby on Rails

Five Myths of Web Application Security

POSTED BY  Mike Milner on Aug 30, 2016

It’s no surprise that many organizations continue to grapple with web application security. Companies in nearly all industries today build and deploy web apps to deliver the products and services their customers rely on. They need to deliver...

TOPICS     Vulnerabilities  AppSec Tools  Account Takeover

Understanding RASP: A New Guide from Securosis

POSTED BY  Goran Begic on Aug 23, 2016

The independent information security research firm Securosis recently took an in-depth look at Runtime Application Self-Protection (RASP) solutions. According to Securosis, developers and other IT professionals are increasingly taking the lead in...

TOPICS     AppSec Tools  WAF  RASP