Web application and API security best practices

Browse this section for the latest news, expert advice and learning tools on web application security, including web application testing, as well as API security best practices.

New & Notable

Download this free guide

Your Guide to Info Sec Certifications

We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.

Corporate E-mail Address:
You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login.
You have exceeded the maximum character limit.
Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Web application and API security best practices News

April 03, 2018 03 Apr'18
Cloudflare 1.1.1.1 DNS promises more private web browsing

Cloudflare promises its new 1.1.1.1 DNS service is faster and enables better privacy for web browsing than competing offerings, but it's unclear how different its service will be.
January 25, 2018 25 Jan'18
Electron framework flaw puts popular desktop apps at risk

The Electron framework -- used to develop desktop apps using web code -- included a remote code execution flaw that was passed on to popular apps like Slack.
December 07, 2017 07 Dec'17
OWASP Top Ten: Surviving in the cyber wilderness

The latest version of the OWASP Top Ten web application risks is much like previous versions, and that's not a bad thing at all.
March 17, 2017 17 Mar'17
Yahoo fallout: Minted authentication cookies raise concerns

Although minting authentication cookies is not widely understood, the Yahoo hacker indictments has brought it to the forefront and shown it can be very dangerous.

View All News

Web application and API security best practices Get Started

Bring yourself up to speed with our introductory content

API management

API management is the process of overseeing application programming interfaces (APIs) in a secure, scalable environment. Continue Reading
Web application firewall (WAF)

A Web application firewall (WAF) is a firewall that monitors, filters or blocks traffic to and from a Web application. WAFs are especially useful to companies that provide products or services over the Internet. Continue Reading
distributed denial of service (DDoS) attack

A distributed denial-of-service attack occurs when an attack originates from multiple computers or devices, usually from multiple different locations or networks. Continue Reading

View All Get Started

Evaluate Web application and API security best practices Vendors & Products

Weigh the pros and cons of technologies, products and projects you are considering.

How did Ammyy Admin software get repeatedly abused by malware?

The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves. Continue Reading
CryptXXX: How does this ransomware spread through legitimate websites?

The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress. Continue Reading
Choosing the best web fraud detection system for your company

This guide explains the technology and the key features an effective system should include to help readers evaluate fraud detection products and choose the best for their company. Continue Reading

View All Evaluate

Manage Web application and API security best practices

Learn to apply best practices and optimize your operations.

Embedded application security: Inside OWASP's best practices

OWASP released a draft of new guidelines for creating secure code within embedded software. Expert Judith Myerson discusses best practices, pitfalls to avoid and auditing tools. Continue Reading
OneLogin data breach: What does the attack mean for SSOs?

A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies. Continue Reading
SiteLock president shares hard truth on secure web development

While big companies get the headlines, small businesses are more often the targets of attacks on web applications. We examine what might be keeping SMBs from proper security. Continue Reading

View All Manage

Problem Solve Web application and API security best practices Issues

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Addressing vulnerable web systems that are often overlooked

Web security vulnerability scanners often focus on large applications within the enterprise. However, there are plenty of overlooked web systems that contain hidden flaws. Continue Reading
How can the Jenkins vulnerabilities in plug-ins be mitigated?

A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them. Continue Reading
Common web application login security weaknesses and how to fix them

Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them. Continue Reading

View All Problem Solve