Web application and API security best practices news, help and research

Web application and API security best practices News

July 24, 2018 24 Jul'18
Physical security keys eliminate phishing at Google

Successful phishing attempts have been eliminated among Google employees following a requirement to use physical security keys in order to gain access to all Google accounts.
June 29, 2018 29 Jun'18
Have I Been Pwned integration comes to Firefox and 1Password

With new Have I Been Pwned integration, Firefox and 1Password users will be able to learn if their email addresses have been compromised in any known data breaches.
June 08, 2018 08 Jun'18
Posting passwords on Trello leads to latest data exposure mess

Amazon Web Services and Google Groups have seen data exposures due to poor configurations by users. Now, some have accidentally shared passwords on Trello boards.
May 04, 2018 04 May'18
Twitter bug exposes passwords of all 336 million users

On none other than World Password Day, a Twitter bug was announced that led to the passwords of all 336 million users being stored in plaintext in an internal log.

Bring yourself up to speed with our introductory content

API management

API management is the process of overseeing application programming interfaces (APIs) in a secure, scalable environment. Continue Reading
Web application firewall (WAF)

A Web application firewall (WAF) is a firewall that monitors, filters or blocks traffic to and from a Web application. WAFs are especially useful to companies that provide products or services over the Internet. Continue Reading
distributed denial of service (DDoS) attack

A distributed denial-of-service attack occurs when an attack originates from multiple computers or devices, usually from multiple different locations or networks. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Open UC platforms improve communication workflow, but carry risks

An API-based integration between UC and business apps can improve workflows and contextual communication. But the integrations may carry security risks. Continue Reading
How did Ammyy Admin software get repeatedly abused by malware?

The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves. Continue Reading
CryptXXX: How does this ransomware spread through legitimate websites?

The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress. Continue Reading

Learn to apply best practices and optimize your operations.

What is missing from the NIST/DHS botnet security report?

The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis. Continue Reading
Embedded application security: Inside OWASP's best practices

OWASP released a draft of new guidelines for creating secure code within embedded software. Expert Judith Myerson discusses best practices, pitfalls to avoid and auditing tools. Continue Reading
OneLogin data breach: What does the attack mean for SSOs?

A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How did an Electron framework flaw put Slack at risk?

An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it. Continue Reading
Addressing vulnerable web systems that are often overlooked

Web security vulnerability scanners often focus on large applications within the enterprise. However, there are plenty of overlooked web systems that contain hidden flaws. Continue Reading
How can the Jenkins vulnerabilities in plug-ins be mitigated?

A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them. Continue Reading