
Web Application Security Blog

Even if You Haven't Been a Victim of Account Takeover, You're Still Vulnerable

POSTED BY  Mike Milner on Jan 12, 2017

The past few years have seen some of the world’s largest corporations fall victim to data breaches. Yahoo, LinkedIn, and Adobe, to name a few, have had to grapple with the theft of millions of user credentials. Stories like these should serve as...


TOPICS     Account Takeover  Stolen Credentials

Stop Account Takeover in its Tracks

POSTED BY  Mike Milner on Jan 10, 2017

It seems that every day we see headlines announcing a data breach that resulted in theft of information for hundreds of thousands, millions, or even billions of users. These are clearly brand-damaging headlines, and the numbers are certainly...


TOPICS     RASP  Account Takeover  Stolen Credentials

2016: AppSec Year in Review

POSTED BY  Richard April on Dec 15, 2016

Accounts taken over and credentials seriously stuffed

Credential stuffing attacks were made possible by several hacks that hit the news in 2016. Hacks like these happen in two (or more) phases, often occurring years apart. The first phase is...


TOPICS     Vulnerabilities  Application Security  Account Takeover  Stolen Credentials

Cybersecurity Draws White House Attention

POSTED BY  Maria Lee on Oct 07, 2016

During yet another week of disclosures of major data breaches at large enterprises, the White House kicked off a campaign aimed at educating Americans about how to keep login credentials secure. 


TOPICS     Account Takeover  Stolen Credentials

Week in Review: Yahoo Breach Fallout Continues; Google Tackles XSS Scripting Flaws

POSTED BY  Maria Lee on Sep 30, 2016

Yahoo continues to face severe criticism over its handling of the revelation of the 2014 theft of a half-billion customer account records, and the future of its proposed $4.8 billion merger with Verizon is unclear.


TOPICS     Account Takeover  Stolen Credentials

Web Application Risk Assessment for the C-Suite

POSTED BY  Maria Lee on Sep 29, 2016

Not too long ago, CEOs, CTOs, and CIOs could remain removed from the arcane aspects of IT security strategy setting. As the seemingly endless parade of news stories about corporate data breaches makes clear, though, those days are long gone.


TOPICS     Web Application Security  Account Takeover  Stolen Credentials

Biggest Data Breach Yet: What Are the Implications of the Yahoo Hack?

POSTED BY  Maria Lee on Sep 23, 2016

The biggest security story of this week by far was the massive data breach at Yahoo. The implications of this breach -- widely reported to be the largest of its kind in history -- will be wide-ranging and complex. As the Yahoo hack (and many...


TOPICS     Vulnerabilities  Account Takeover  Stolen Credentials

Vulnerabilities in the News This Week

POSTED BY  Maria Lee on Sep 16, 2016

A critical vulnerability in the MySQL open source relational database management system was reported this week, and affected vendors are in the process of issuing patches.


TOPICS     Vulnerabilities  Stolen Credentials  SQL injection

Who’s Responsible for Weak Passwords?

POSTED BY  Mike Milner on Sep 14, 2016

When people choose weak passwords and reuse them across websites, they bear some responsibility for security breaches that impact them. Historically, this was where it stopped: if you got hacked, it was your fault. But as Account Takeover (ATO)...


TOPICS     WAF vs. RASP  Internet of Things  Stolen Credentials

Vulnerabilities Old and New Dominate the News this Week

POSTED BY  Richard April on Aug 04, 2016

When it comes to application vulnerabilities, everything old is new again -- or so it seems from this week’s headlines. It’s an eventful time for the software security industry, with Black Hat USA 2016 going on in Las Vegas this week. It seems...


TOPICS     Vulnerabilities  Account Takeover  Stolen Credentials