Problem solve

Web application and API security best practices

• How to encrypt and secure a website using HTTPS

  The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data. Continue Reading

• How can developers avoid a Git repository security risk?

  Learn how managing web development content with the popular version control system can be risky without taking action to avoid these basic Git repository security risks. Continue Reading

• 5 common web application vulnerabilities and how to avoid them

  Common web application vulnerabilities continue to confound enterprises. Here's how to defend against them and stop enabling exploits. Continue Reading

• How can credential stuffing attacks be detected?

  Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat. Continue Reading

• How did an Electron framework flaw put Slack at risk?

  An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it. Continue Reading

• Addressing vulnerable web systems that are often overlooked

  Web security vulnerability scanners often focus on large applications within the enterprise. However, there are plenty of overlooked web systems that contain hidden flaws.Continue Reading

• How can the Jenkins vulnerabilities in plug-ins be mitigated?

  A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them.Continue Reading

• Common web application login security weaknesses and how to fix them

  Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them.Continue Reading

• What tools can bypass Google's CAPTCHA challenges?

  The ReBreakCaptcha exploit can bypass Google's reCAPTCHA verification system using flaws in Google's own API. Expert Michael Cobb explains how the attack works.Continue Reading

• How did a Moodle security vulnerability enable remote code execution?

  A series of logic flaws in Moodle enabled attackers to remotely execute code on servers. Expert Michael Cobb explains how the Moodle security vulnerability can be exploited.Continue Reading

• WordPress REST API flaw: How did it lead to widespread attacks?

  A REST API endpoint vulnerability enabled attacks on 1.5 million sites running WordPress. Expert Michael Cobb explains how this vulnerability works and how to prevent attacks.Continue Reading

• How to identify and address overlooked web security vulnerabilities

  Certain web security vulnerabilities evade detection due to oversight or carelessness. Expert Kevin Beaver discusses the top overlooked issues and how to address them.Continue Reading

• How are hackers using Twitter as C&C servers for malware?

  C&C servers have been replaced with Twitter accounts, which spread the Android Trojan Twitoor to user devices. Expert Michael Cobb explains how to stop this attack.Continue Reading

• DevOps and security promises better apps, infrastructures

  DevOps is a process aimed at creating and updating applications quickly and, traditionally, it has lacked effective security controls. The software that was created too often contained vulnerabilities right from the start. Combining DevOps and ...Continue Reading

• How to resolve a Web application security vulnerability

  Web application security vulnerabilities can exist from browser to SSL/TLS. Expert Brad Causey explains how application security testing and Web application firewalls can address this.Continue Reading