Web application and API security best practices

Browse this section for the latest news, expert advice and learning tools on web application security, including web application testing, as well as API security best practices.

New & Notable

Download this free guide

Instant Download: Free Guide to Password Security

Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.

Corporate E-mail Address:
You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login.
You have exceeded the maximum character limit.
Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Web application and API security best practices News

November 16, 2018 16 Nov'18
Firefox Monitor offers breach alerts on visited websites

The promised integration with Have I Been Pwned is expanding in Firefox Monitor with new breach alerts when a user visits a recently compromised website.
July 24, 2018 24 Jul'18
Physical security keys eliminate phishing at Google

Successful phishing attempts have been eliminated among Google employees following a requirement to use physical security keys in order to gain access to all Google accounts.
June 29, 2018 29 Jun'18
Have I Been Pwned integration comes to Firefox and 1Password

With new Have I Been Pwned integration, Firefox and 1Password users will be able to learn if their email addresses have been compromised in any known data breaches.
June 08, 2018 08 Jun'18
Posting passwords on Trello leads to latest data exposure mess

Amazon Web Services and Google Groups have seen data exposures due to poor configurations by users. Now, some have accidentally shared passwords on Trello boards.

View All News

Web application and API security best practices Get Started

Bring yourself up to speed with our introductory content

pen test (penetration testing)

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Continue Reading
API management

API management is the process of overseeing application programming interfaces (APIs) in a secure, scalable environment. Continue Reading
Web application firewall (WAF)

A Web application firewall (WAF) is a firewall that monitors, filters or blocks traffic to and from a Web application. WAFs are especially useful to companies that provide products or services over the Internet. Continue Reading

View All Get Started

Evaluate Web application and API security best practices Vendors & Products

Weigh the pros and cons of technologies, products and projects you are considering.

Open UC platforms improve communication workflow, but carry risks

An API-based integration between UC and business apps can improve workflows and contextual communication. But the integrations may carry security risks. Continue Reading
How did Ammyy Admin software get repeatedly abused by malware?

The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves. Continue Reading
CryptXXX: How does this ransomware spread through legitimate websites?

The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress. Continue Reading

View All Evaluate

Manage Web application and API security best practices

Learn to apply best practices and optimize your operations.

How did WhatsApp vulnerabilities get around encryption?

WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work and how to prevent them. Continue Reading
What is missing from the NIST/DHS botnet security report?

The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis. Continue Reading
Embedded application security: Inside OWASP's best practices

OWASP released a draft of new guidelines for creating secure code within embedded software. Expert Judith Myerson discusses best practices, pitfalls to avoid and auditing tools. Continue Reading

View All Manage

Problem Solve Web application and API security best practices Issues

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How did an Electron framework flaw put Slack at risk?

An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it. Continue Reading
Addressing vulnerable web systems that are often overlooked

Web security vulnerability scanners often focus on large applications within the enterprise. However, there are plenty of overlooked web systems that contain hidden flaws. Continue Reading
How can the Jenkins vulnerabilities in plug-ins be mitigated?

A wave of Jenkins vulnerabilities related to plug-ins were recently discovered. Expert Judith Myerson explains the flaws and how enterprises should mitigate them. Continue Reading

View All Problem Solve