Get started
Bring yourself up to speed with our introductory content.
Web application and API security best practices
cryptographic nonce
A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology. Continue Reading
How to manage application security best practices and risks
The reality of application security risks requires software developers to be mindful of testing, tools and best practices to improve user experience and information security. Continue Reading
distributed denial of service (DDoS) attack
A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. Continue Reading
-
Web application firewall (WAF)
A Web application firewall (WAF) is a firewall that monitors, filters or blocks traffic to and from a Web application. WAFs are especially useful to companies that provide products or services over the Internet. Continue Reading
SSL (Secure Sockets Layer)
Secure Sockets Layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. Continue Reading
-
Definitions to Get Started
- cryptographic nonce
- distributed denial of service (DDoS) attack
- Web application firewall (WAF)
- SSL (Secure Sockets Layer)
- pen test (penetration testing)
- buffer overflow
- malvertisement (malicious advertisement or malvertising)
- content filtering (information filtering)
pen test (penetration testing)
Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.Continue Reading
How to craft an effective DevSecOps process with your team
Switching to a DevSecOps model in software development offers many benefits, but combining security and DevOps takes knowledge, forethought and planning.Continue Reading
buffer overflow
A buffer overflow occurs when a program attempts to write more data to a fixed length block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow exploits may enable remote execution of malicious code or denial of service ...Continue Reading
DevOps security requires new mindset and tools for visibility, automation
Intuit did it. Etsy did it. Netflix did it. How fast moving companies are integrating security into the agile DevOps cycle for continuous deployment of software and services.Continue Reading
DevSecOps: Security leaves the silos (and badges) behind
Delays, "no" and "redo that work" causes many developers to avoid IT security. With DevOps, proponents aim to make security at scale everybody's problem.Continue Reading
-
How to address key SSL security issues and vulnerabilities
As SSL technology evolves and changes, new vulnerabilities begin to cause problems. Expert Rob Shapland explains how security professionals can overcome these SSL security issues.Continue Reading
Can opportunistic encryption improve browser security?
Opportunistic encryption offers encryption for servers that don't support HTTPS. Expert Michael Cobb explains how it works and how it can help Web security.Continue Reading
Comparing the best Web application firewalls in the industry
Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.Continue Reading
Introduction to Web fraud detection systems
Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce.Continue Reading
Can a walled garden approach help secure Web browsers?
While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why.Continue Reading