web application security
Password Reset MITM: Exposing the need for better security choices
Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites …
High-Tech Bridge ImmuniWeb named Best Emerging Technology
Web and mobile application security testing services provider High-Tech Bridge has won the “Best Emerging Technology” category at the SC Awards Europe 2017. The company has …
Apache servers under attack through easily exploitable Struts 2 flaw
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. System administrators are …
Qualys and Bugcrowd bring automation, crowdsourcing to web app security
At RSA Conference 2017, Qualys and Bugcrowd announced joint development integrations allowing joint customers the ability to share vulnerability data across automated web …
25% of web apps still vulnerable to eight of the OWASP Top Ten
69 percent of web applications are plagued by vulnerabilities that could lead to sensitive data exposure, and 55 percent by cross-site request forgery flaws, the results of a …
Qualys brings web application security automation to a new level
At RSA Conference 2017, Qualys announced new functionality in its web application security offerings, including scalable fast scanning, detection and patching of websites, …
WordPress kept users and hackers in the dark while secretly fixing critical zero-day
Last week WordPress released the newest version (4.7.2) of the popular CMS, ostensibly fixing three security issues affecting versions 4.7.1 and earlier. What the WordPress …
43+ million users affected by confirmed Weebly breach
Weebly, a popular web-hosting service featuring a drag-and-drop website builder, has been breached, and email addresses/usernames, IP addresses and encrypted passwords for …
DDoS and web application attacks keep escalating
Akamai Technologies released its Second Quarter, 2016 State of the Internet / Security Report, which highlights the cloud security landscape, specifically trends with DDoS and …
Continuous security in the web application space
What we’re seeing in the market right now is increased consolidation among vendors. They’re buying each other, more products covering another vendor’s …
Widespread httpoxy vulnerabilities affect server-side web apps
A new, branded set of vulnerabilities has been revealed by security researchers, this time responsibly and without too much fanfare. The collective name given to the …
The damaging divide in application security
It’s time to get serious about application security and the divisive reality of breaches. Even with today’s intense focus on security, web application attacks are on the rise: …