web application security Archives

web application security

Teams that shift security left and focus on attackability ship more secure code

June 29, 2022

ShiftLeft released its second annual AppSec Progress Report documenting critical trends in application security and how organizations are shifting security left to deal with …

WAFs can’t give organizations the security they need

February 16, 2022

Cymulate reveals that web application firewalls are the least effective security solutions, making them prime target for adversaries and high risk points for organizations. …

Web app attacks are skyrocketing, it’s time to protect APIs

December 27, 2021

Web app attacks against UK businesses have increased by 251% since October 2019, putting both organizations and consumers at risk, an Imperva reserach reveals. In a study of …

The Log4j JNDI attack and how to prevent it

December 13, 2021

The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and than additional PoC exploits has been an unwelcome surprise for the …

Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

December 13, 2021

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

December 10, 2021

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …

Blocked DDoS events up 75% in the first nine months of 2021

November 5, 2021

Radware has published results from its report which provides an overview of the DDoS attack landscape, application attack developments, and unsolicited network scanning …

Organizations making security trade-offs in the push to innovate

October 27, 2021

The vast majority of organizations are increasing their investment in application security this year, but they continue to struggle to fully embrace secure innovation. A …

OWASP Top 10 2021: The most serious web application security risks

September 24, 2021

The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk. How is the list compiled? …

Application security tools ineffective against new and growing threats

July 19, 2021

A study by Fastly and ESG, based on insights from information security and IT professionals representing hundreds of organizations globally, revealed growing concerns around …

DevOps didn’t kill WAF, because WAF will never truly die

May 14, 2021

The web application firewall (WAF) is dead, they say, and DevOps is the culprit, found over the body in the server room with a blade in its hand and splattered code on its …

Even though critical, web application security is getting less attention

April 20, 2021

As organizations shifted focus to support remote work and business continuity amid the challenges of 2020, web application security suffered, according to an Invicti Security …