10 open-source recon tools worth your time
Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten …
Photos: RSA Conference 2023
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Here are a few photos …
42Crunch joins OWASP as a corporate member to advance API security
42Crunch has become corporate member of the Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organization focused on improving the security …
5 open-source vulnerability assessment tools to try out
A vulnerability assessment is a methodical examination of network infrastructure, computer systems, and software with the goal of identifying and addressing known security …
Black Hat USA 2022 video walkthrough
In this Help Net Security video, we take you inside Black Hat USA 2022 at the Mandalay Bay Convention Center in Las Vegas. The video features the following vendors: Abnormal …
API security warrants its own specific solution
Application programming interfaces (APIs) enable developers to quickly and easily roll-out services but they’re also equally attractive to attackers. This is because they can …
GoTestWAF: Open-source project for evaluating web application security solutions
GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, etc. It was …
What is wrong with developer security training?
“Turn a developer into a hacker” is a commonly heard call. There are many online courses and trainings that ostensibly teach developers how to write code that’s …
API attacks are both underdetected and underreported
Akamai released a research into the evolving threat landscape for application programming interfaces (APIs), which according to Gartner will be the most frequent online attack …
IriusRisk Community Edition offers free threat knowledge base for developers
IriusRisk has expanded the free Community Edition of its platform to include its entire threat and countermeasure knowledge base. Engineering teams using the Community Edition …
Approov offers free pinning generator tool to protect against automated attacks on APIs
Approov introduced the Mobile Certificate Pinning Generator, a free tool to help mobile-first companies make Man-in-the-Middle (MitM) attacks targeting mobile app APIs a thing …
OWASP Top 10 2021: The most serious web application security risks
The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk. How is the list compiled? …
Featured news
Resources
Don't miss
- Building cyber talent through competition, residency, and real-world immersion
- Browser agents don’t always respect your privacy choices
- Anubis: Open-source web AI firewall to protect from scraper bots
- Session tokens give attackers a shortcut around MFA
- AI isn’t one system, and your threat model shouldn’t be either