Get started

Web application and API security best practices

• Web application firewall (WAF)

  A web application firewall (WAF) is a firewall that monitors, filters and blocks data packets as they travel to and from a website or web application. Continue Reading

• cryptographic nonce

  A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology. Continue Reading

• How to manage application security best practices and risks

  The reality of application security risks requires software developers to be mindful of testing, tools and best practices to improve user experience and information security. Continue Reading

• distributed denial of service (DDoS) attack

  A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. Continue Reading

• SSL (Secure Sockets Layer)

  Secure Sockets Layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. Continue Reading

• Definitions to Get Started

  • Web application firewall (WAF)
  • cryptographic nonce
  • distributed denial of service (DDoS) attack
  • SSL (Secure Sockets Layer)

  • pen test (penetration testing)
  • buffer overflow
  • malvertisement (malicious advertisement or malvertising)
  • content filtering (information filtering)

  View All Definitions

• pen test (penetration testing)

  Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.Continue Reading

• How to craft an effective DevSecOps process with your team

  Switching to a DevSecOps model in software development offers many benefits, but combining security and DevOps takes knowledge, forethought and planning.Continue Reading

• buffer overflow

  A buffer overflow occurs when a program attempts to write more data to a fixed length block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow exploits may enable remote execution of malicious code or denial of service ...Continue Reading

• DevOps security requires new mindset and tools for visibility, automation

  Intuit did it. Etsy did it. Netflix did it. How fast moving companies are integrating security into the agile DevOps cycle for continuous deployment of software and services.Continue Reading

• DevSecOps: Security leaves the silos (and badges) behind

  Delays, "no" and "redo that work" causes many developers to avoid IT security. With DevOps, proponents aim to make security at scale everybody's problem.Continue Reading

• How to address key SSL security issues and vulnerabilities

  As SSL technology evolves and changes, new vulnerabilities begin to cause problems. Expert Rob Shapland explains how security professionals can overcome these SSL security issues.Continue Reading

• Can opportunistic encryption improve browser security?

  Opportunistic encryption offers encryption for servers that don't support HTTPS. Expert Michael Cobb explains how it works and how it can help Web security.Continue Reading

• Comparing the best Web application firewalls in the industry

  Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.Continue Reading

• Introduction to Web fraud detection systems

  Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce.Continue Reading

• Can a walled garden approach help secure Web browsers?

  While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why.Continue Reading