New & Notable
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Web server threats and application attacks News
December 13, 2017
A team of security researchers discovered many vendors' TLS implementations are vulnerable to the Bleichenbacher oracle attack, which was first discovered 19 years ago.
October 31, 2017
A security researcher earned more than $15,000 by finding three flaws in the Google Issue Tracker, aka Buganizer, which revealed details on unpatched vulnerabilities.
October 05, 2017
Newly uncovered information indicated that all 3 billion users were affected by the 2013 Yahoo data breach, but Oath claimed passwords and credit card info was safe.
September 15, 2017
Equifax has confirmed an unpatched critical Apache Struts vulnerability was exploited in the breach that compromised the personal data of 143 million U.S. citizens.
Web server threats and application attacks Get Started
Bring yourself up to speed with our introductory content
Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, into content from otherwise trusted websites. Continue Reading
Security assessment and testing should be baked into your regular IT workflows so that you’re able to spot software vulnerabilities before they turn into full-blown attacks. Continue Reading
HTTP response header configuration files on servers need to be set up properly to secure sensitive data. Expert Judith Myerson outlines how to do this on different types of servers. Continue Reading
Evaluate Web server threats and application attacks Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Google added a layer to its account security system with Advanced Protection Program. Matt Pascucci explains how individuals can better defend themselves from malicious actors. Continue Reading
In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important. Continue Reading
A web shell from the JexBoss security tool was used to exploit servers through an unpatched JBoss vulnerability. Expert Michael Cobb explains how to prevent similar attacks. Continue Reading
Manage Web server threats and application attacks
Learn to apply best practices and optimize your operations.
Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it means for users. Continue Reading
Due to the rising value of bitcoin and other cryptocurrency, hackers have started to use cryptojacking to mine bitcoin. Learn what this means for end users with expert Nick Lewis. Continue Reading
While big companies get the headlines, small businesses are more often the targets of attacks on web applications. We examine what might be keeping SMBs from proper security. Continue Reading
Problem Solve Web server threats and application attacks Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
The Bleichenbacher attack got a new name after 20 years. Expert Michael Cobb reviews the ROBOT attack and discusses why it's still active this long after it emerged. Continue Reading
The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis. Continue Reading
The Katyusha Scanner is based on the open source penetration test scanner Arachni. However, it has been modified to work through Telegram accounts. Nick Lewis explains how it works. Continue Reading