Web security tools and best practices
Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.
New & Notable
Your Guide to Info Sec Certifications
We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Web security tools and best practices News
-
April 03, 2018
03
Apr'18
Cloudflare 1.1.1.1 DNS promises more private web browsing
Cloudflare promises its new 1.1.1.1 DNS service is faster and enables better privacy for web browsing than competing offerings, but it's unclear how different its service will be.
-
March 29, 2018
29
Mar'18
RSA Innovation Sandbox highlights threat detection, AI
Security startups competing in this year's RSA Innovation Sandbox will present new offerings for threat detection, cloud security, artificial intelligence and machine learning.
-
March 27, 2018
27
Mar'18
TLS 1.3 update is finalized with encryption upgrade
The IETF approves the TLS 1.3 encryption protocol upgrade after four years and 28 versions; improvements include better security and performance, as well as middlebox support.
-
March 21, 2018
21
Mar'18
Firefox bug exposes passwords to brute force -- for nine years
A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years.
Web security tools and best practices Get Started
Bring yourself up to speed with our introductory content
-
cross-site scripting (XSS)
Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, into content from otherwise trusted websites. Continue Reading
-
API management
API management is the process of overseeing application programming interfaces (APIs) in a secure, scalable environment. Continue Reading
-
How are middleboxes affecting the TLS 1.3 release date?
Despite fixing important security problems, the official TLS 1.3 release date keeps getting pushed back, in part due to failures in middlebox implementations. Continue Reading
Evaluate Web security tools and best practices Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
-
Public key pinning: Why is Google switching to a new approach?
After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch. Continue Reading
-
Advanced Protection Program: How has Google improved security?
Google added a layer to its account security system with Advanced Protection Program. Matt Pascucci explains how individuals can better defend themselves from malicious actors. Continue Reading
-
HTTP Strict Transport Security: What are the security benefits?
Google's use of HTTP Strict Transport Security aims to improve web browsing security. Expert Judith Myerson explains how HSTS can make the internet more secure. Continue Reading
Manage Web security tools and best practices
Learn to apply best practices and optimize your operations.
-
How a Blizzard DNS rebinding flaw put millions of gamers at risk
A Blizzard DNS rebinding flaw could have put users of its online PC games at risk of attack. Expert Michael Cobb explains how a DNS rebinding attack works and what to do about it. Continue Reading
-
How can a Moxa MXview vulnerability be exploited by hackers?
A vulnerability was found in Moxa MXview -- a software used to visualize network devices and physical connections. Learn how this vulnerability can enable privilege escalation. Continue Reading
-
Internet Explorer bug: How does it expose address bar info?
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL tracking with Nick Lewis. Continue Reading
Problem Solve Web security tools and best practices Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
-
Addressing vulnerable web systems that are often overlooked
Web security vulnerability scanners often focus on large applications within the enterprise. However, there are plenty of overlooked web systems that contain hidden flaws. Continue Reading
-
How can improper certificate pinning be stopped by the Spinner tool?
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the Spinner tool. Continue Reading
-
Why the Bleichenbacher attack is still around
The Bleichenbacher attack got a new name after 20 years. Expert Michael Cobb reviews the ROBOT attack and discusses why it's still active this long after it emerged. Continue Reading