web application security
Video: Attacking XML preprocessing
Documenting more than a year of research in XML technologies, this talk by Nicolas Grégoire at Hack in The Box 2012 Amsterdam details security implications of the XML format …
Control and measure web application scans
NT OBJECTives announced NTOEnterprise 2.0 which enables organizations to plan, manage, control and measure web application scans and also assess and prioritize areas of …
Vulnerabilities in open source WAF ModSecurity
During our research of web application firewall evasion issues, we uncovered a flaw in ModSecurity that may lead to complete bypass of the installed rules, in the cases when …
Static analysis technology for web application security
Coverity has extended static analysis to deeply understand both source code and modern web application architecture, providing greater accuracy and remediation guidance to …
Create secure web applications with Sentinel Source
WhiteHat Security announced Sentinel Source, a solution for creating secure online applications from inception to launch. With the ability to track source code development for …
LogRhythm and Imperva partner on database and web application security
LogRhythm announced a partnership with Imperva. It includes technical integration that enables Imperva’s SecureSphere solution to feed data to LogRhythm’s SIEM 2.0 …
Guard your website against malicious activity with WebsiteDefender
Acunetix released WebsiteDefender, an online security monitoring service which helps you secure websites against malware and hacker activity. Google’s security blog …
Web Application Security, A Beginner’s Guide
Web Application Security, A Beginner’s Guide imparts the hard-learned lessons and experiences of top security professionals, and provides know-how that can otherwise …
Juniper Networks enhances its Mykonos Web Security software
Juniper Networks announced major platform enhancements to its Mykonos Web Security software. The new release provides 30 new features and enhancements that strengthen …
Kickstarter bug granted access to unlaunched projects
A bug in the private application programming interface (API) of Kickstarter, the popular crowd funding website for creative projects, has exposed details about 70,000 projects …
1,000+ WordPress sites compromised through automatic update feature
More than 1,000 WordPress blogs have been modified to redirect visitors to sites serving malware, affiliate and pay-per-click redirectors, and low quality PPC search result …
Top 10 business logic attack vectors
Application business logic flaws are unique to each custom application, potentially very damaging, and difficult to test. Attackers exploit business logic by using deductive …