New & Notable
Web application and API security best practices News
January 25, 2018
The Electron framework -- used to develop desktop apps using web code -- included a remote code execution flaw that was passed on to popular apps like Slack.
December 07, 2017
The latest version of the OWASP Top Ten web application risks is much like previous versions, and that's not a bad thing at all.
March 17, 2017
Although minting authentication cookies is not widely understood, the Yahoo hacker indictments have brought it to the forefront and shown it can be very dangerous.
March 03, 2017
News roundup: A researcher discovers a Slack hack through stolen tokens. Plus, another WordPress flaw puts 1 million users at risk; Necurs botnet does DDoS now; and more.
Web application and API security best practices Get Started
Bring yourself up to speed with our introductory content
API management is the process of overseeing application programming interfaces (APIs) in a secure, scalable environment.
A Web application firewall (WAF) is a firewall that monitors, filters or blocks traffic to and from a Web application. WAFs are especially useful to companies that provide products or services over the Internet.
A distributed denial-of-service attack occurs when an attack originates from multiple computers or devices, usually from multiple different locations or networks.
Evaluate Web application and API security best practices Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves.
The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress.
This guide explains the technology and the key features an effective system should include to help readers evaluate fraud detection products and choose the best for their company.
Manage Web application and API security best practices
Learn to apply best practices and optimize your operations.
OWASP released a draft of new guidelines for creating secure code within embedded software. Expert Judith Myerson discusses best practices, pitfalls to avoid and auditing tools.
A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies.
While big companies get the headlines, small businesses are more often the targets of attacks on web applications. We examine what might be keeping SMBs from proper security.
Problem Solve Web application and API security best practices Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
A wave of Jenkins vulnerabilities related to plug-ins was recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them.
Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them.
The ReBreakCaptcha exploit can bypass Google's reCAPTCHA verification system using flaws in Google's own API. Expert Michael Cobb explains how the attack works.