Problem solve
Get help with specific problems with your technologies, process and projects.
Web application and API security best practices
How to encrypt and secure a website using HTTPS
The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data. Continue Reading
How can developers avoid a Git repository security risk?
Learn how managing web development content with the popular version control system can be risky without taking action to avoid these basic Git repository security risks. Continue Reading
5 common web application vulnerabilities and how to avoid them
Common web application vulnerabilities continue to confound enterprises. Here's how to defend against them and stop enabling exploits. Continue Reading
-
How can credential stuffing attacks be detected?
Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat. Continue Reading
How did an Electron framework flaw put Slack at risk?
An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it. Continue Reading
Addressing vulnerable web systems that are often overlooked
Web security vulnerability scanners often focus on large applications within the enterprise. However, there are plenty of overlooked web systems that contain hidden flaws.Continue Reading
How can the Jenkins vulnerabilities in plug-ins be mitigated?
A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them.Continue Reading
Common web application login security weaknesses and how to fix them
Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them.Continue Reading
What tools can bypass Google's CAPTCHA challenges?
The ReBreakCaptcha exploit can bypass Google's reCAPTCHA verification system using flaws in Google's own API. Expert Michael Cobb explains how the attack works.Continue Reading
How did a Moodle security vulnerability enable remote code execution?
A series of logic flaws in Moodle enabled attackers to remotely execute code on servers. Expert Michael Cobb explains how the Moodle security vulnerability can be exploited.Continue Reading
-
WordPress REST API flaw: How did it lead to widespread attacks?
A REST API endpoint vulnerability enabled attacks on 1.5 million sites running WordPress. Expert Michael Cobb explains how this vulnerability works and how to prevent attacks.Continue Reading
How to identify and address overlooked web security vulnerabilities
Certain web security vulnerabilities evade detection due to oversight or carelessness. Expert Kevin Beaver discusses the top overlooked issues and how to address them.Continue Reading
How are hackers using Twitter as C&C servers for malware?
C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to stop this attack.Continue Reading
DevOps and security promises better apps, infrastructures
DevOps is a process aimed at creating and updating applications quickly and, traditionally, it has lacked effective security controls. The software that was created too often contained vulnerabilities right from the start. Combining DevOps and ...Continue Reading
How to resolve a Web application security vulnerability
Web application security vulnerabilities can exist from browser to SSL/TLS. Expert Brad Causey explains how application security testing and Web application firewalls can address this.Continue Reading