Get started

Web application and API security best practices

• SSL (Secure Sockets Layer)

  Secure Sockets Layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. Continue Reading

• pen test (penetration testing)

  Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Continue Reading

• Web application firewall (WAF)

  A Web application firewall (WAF) is a firewall that monitors, filters or blocks traffic to and from a Web application. WAFs are especially useful to companies that provide products or services over the Internet. Continue Reading

• distributed denial of service (DDoS) attack

  A distributed denial-of-service attack occurs when an attack originates from multiple computers or devices, usually from multiple different locations or networks. Continue Reading

• How to craft an effective DevSecOps process with your team

  Switching to a DevSecOps model in software development offers many benefits, but combining security and DevOps takes knowledge, forethought and planning. Continue Reading

• Definitions to Get Started

  • SSL (Secure Sockets Layer)
  • pen test (penetration testing)
  • Web application firewall (WAF)
  • distributed denial of service (DDoS) attack

  • buffer overflow
  • malvertisement (malicious advertisement or malvertising)
  • content filtering (information filtering)
  • metamorphic and polymorphic malware

  View All Definitions

• buffer overflow

  A buffer overflow occurs when a program attempts to write more data to a fixed length block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow exploits may enable remote execution of malicious code or denial of service ...Continue Reading

• DevOps security requires new mindset and tools for visibility, automation

  Intuit did it. Etsy did it. Netflix did it. How fast moving companies are integrating security into the agile DevOps cycle for continuous deployment of software and services.Continue Reading

• DevSecOps: Security leaves the silos (and badges) behind

  Delays, "no" and "redo that work" causes many developers to avoid IT security. With DevOps, proponents aim to make security at scale everybody's problem.Continue Reading

• How to address key SSL security issues and vulnerabilities

  As SSL technology evolves and changes, new vulnerabilities begin to cause problems. Expert Rob Shapland explains how security professionals can overcome these SSL security issues.Continue Reading

• Can opportunistic encryption improve browser security?

  Opportunistic encryption offers encryption for servers that don't support HTTPS. Expert Michael Cobb explains how it works and how it can help Web security.Continue Reading

• Comparing the best Web application firewalls in the industry

  Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.Continue Reading

• Introduction to Web fraud detection systems

  Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce.Continue Reading

• Can a walled garden approach help secure Web browsers?

  While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why.Continue Reading

• Email security gateways vs. Web security gateways: Do you need both?

  When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.Continue Reading

• Can a read-only domain controller maximize DMZ security?

  Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver explains.Continue Reading