Web application and API security best practices

Browse this section for the latest news, expert advice and learning tools on web application security, including web application testing, as well as API security best practices.

New & Notable

Download this free guide

Instant Download: Free Guide to Password Security

Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.

Corporate E-mail Address:
You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login.
You have exceeded the maximum character limit.
Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Web application and API security best practices News

November 16, 2018 16 Nov'18
Firefox Monitor offers breach alerts on visited websites

The promised integration with Have I Been Pwned is expanding in Firefox Monitor with new breach alerts when a user visits a recently compromised website.
July 24, 2018 24 Jul'18
Physical security keys eliminate phishing at Google

Successful phishing attempts have been eliminated among Google employees following a requirement to use physical security keys in order to gain access to all Google accounts.
June 29, 2018 29 Jun'18
Have I Been Pwned integration comes to Firefox and 1Password

With new Have I Been Pwned integration, Firefox and 1Password users will be able to learn if their email addresses have been compromised in any known data breaches.
June 08, 2018 08 Jun'18
Posting passwords on Trello leads to latest data exposure mess

Amazon Web Services and Google Groups have seen data exposures due to poor configurations by users. Now, some have accidentally shared passwords on Trello boards.

View All News

Web application and API security best practices Get Started

Bring yourself up to speed with our introductory content

An architect's guide to microservices security

Whether you're new to distributed architecture or well underway with deployment, this guide on microservices security covers the basics through advanced tooling and strategies. Continue Reading
SSL (Secure Sockets Layer)

Secure Sockets Layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. Continue Reading
pen test (penetration testing)

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Continue Reading

View All Get Started

Evaluate Web application and API security best practices Vendors & Products

Weigh the pros and cons of technologies, products and projects you are considering.

Open UC platforms improve communication workflow, but carry risks

An API-based integration between UC and business apps can improve workflows and contextual communication. But the integrations may carry security risks. Continue Reading
How did Ammyy Admin software get repeatedly abused by malware?

The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves. Continue Reading
CryptXXX: How does this ransomware spread through legitimate websites?

The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress. Continue Reading

View All Evaluate

Manage Web application and API security best practices

Learn to apply best practices and optimize your operations.

How can credential stuffing attacks be detected?

Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat. Continue Reading
5-step checklist for web application security testing

This five-step approach to web application security testing with documented results will help keep your organization's applications free of flaws. Continue Reading
How did WhatsApp vulnerabilities get around encryption?

WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work and how to prevent them. Continue Reading

View All Manage

Problem Solve Web application and API security best practices Issues

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How did an Electron framework flaw put Slack at risk?

An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it. Continue Reading
Addressing vulnerable web systems that are often overlooked

Web security vulnerability scanners often focus on large applications within the enterprise. However, there are plenty of overlooked web systems that contain hidden flaws. Continue Reading
How can the Jenkins vulnerabilities in plug-ins be mitigated?

A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them. Continue Reading

View All Problem Solve