
Web Application Security Blog

Bot Fingerprinting

POSTED BY  Mike Milner on Dec 20, 2016

A web bot is designed to make life on the web easier; a script that automates repetitive tasks and does them much faster than a human could. This speed is often how you can tell who or what is interacting with your site: bot or human. And when it...

TOPICS     Vulnerabilities  Web Application Security

2016: AppSec Year in Review

POSTED BY  Richard April on Dec 15, 2016

Accounts taken over and credentials seriously stuffed

Credential stuffing attacks were made possible by several hacks that hit the news in 2016. Hacks like these happen in two (or more) phases, often occurring years apart. The first phase is...

TOPICS     Vulnerabilities  Application Security  Account Takeover  Stolen Credentials

The Relationship Between RASP, Mobile Apps, and Web Service Infrastructure

POSTED BY  Mike Milner on Dec 01, 2016

Mobile applications do not run on their own—almost every useful app is backed by one or more web services running in the background to perform most actions and to link them to enterprise systems. Even though you don’t really see this part, your...

TOPICS     Vulnerabilities  RASP  Web Application Security  Mobile App Security

RASP Adoption: A View From The Trenches (Part 1)

POSTED BY  Goran Begic on Nov 08, 2016

Runtime application self-protection (RASP) is one of the newest security technologies. In the early stages of adoption in the industry, this method of protecting web apps promises dynamic defense and automatic mitigation of vulnerabilities.

TOPICS     Vulnerabilities  RASP  Web Application Security

How to Engage Developers in App Security

POSTED BY  Oliver Lavery on Sep 27, 2016

It’s become accepted wisdom that developers and security engineers exist on different planes, and that they’re anything but enthusiastic about collaborating. But with web application security threats proliferating and becoming increasingly...

TOPICS     Vulnerabilities  Application development

Biggest Data Breach Yet: What Are the Implications of the Yahoo Hack?

POSTED BY  Maria Lee on Sep 23, 2016

The biggest security story of this week by far was the massive data breach at Yahoo. The implications of this breach -- widely reported to be the largest of its kind in history -- will be wide-ranging and complex. As the Yahoo hack (and many...

TOPICS     Vulnerabilities  Account Takeover  Stolen Credentials

Why You Should Automate Security in Agile Development

POSTED BY  Oliver Lavery on Sep 20, 2016

Before agile development went mainstream, manual security and quality assurance methods were considered adequate for many organizations’ needs. But today’s agile and lean development cycles are simply too rapid for manual approaches to web...

TOPICS     Vulnerabilities  RASP  Agile development

Vulnerabilities in the News This Week

POSTED BY  Maria Lee on Sep 16, 2016

A critical vulnerability in the MySQL open source relational database management system was reported this week, and affected vendors are in the process of issuing patches.

TOPICS     Vulnerabilities  Stolen Credentials  SQL injection

Securing Ruby on Rails Web Apps: What You Need to Know

POSTED BY  Mike Milner on Sep 15, 2016

Ruby on Rails is a popular framework for web applications, built on the dynamic Ruby programming language. Estimates indicate that a quarter of a million websites use it, including Airbnb, Basecamp, Groupon, Hulu, and Slideshare. Developers love...

TOPICS     Vulnerabilities  RASP  Ruby on Rails

Password Woes Dominate the News This Week

POSTED BY  Maria Lee on Sep 09, 2016

In spite of repeated warnings, end-users haven’t gotten the memo about the dangers of setting passwords that are ridiculously easy to guess, such as “12345,” and reusing those passwords across numerous websites. At the same time, companies are...

TOPICS     Vulnerabilities  WAF vs. RASP  Account Takeover