Web application and API security best practices

Browse this section for the latest news, expert advice and learning tools on web application security, including web application testing, as well as API security best practices.

New & Notable

Download this free guide

3 Ways SOAR Can Combat the Cybersecurity Skills Shortage

What are some of the strategies that your organization has implemented to help combat the cybersecurity skills gap? Mike Chapple, senior director of IT at University of Notre Dame explains how log processing, threat intelligence and account lifecycle management can help alleviate the shortage of qualified pros and have teams work smarter, not harder.

Corporate E-mail Address:
You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login.
You have exceeded the maximum character limit.
Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Web application and API security best practices News

May 22, 2019 22 May'19
G Suite passwords insecurely stored in two separate incidents

Google disclosed two separate incidents in which G Suite passwords were stored insecurely, and in one of those incidents, the passwords were stored improperly for 14 years.
April 30, 2019 30 Apr'19
A recent history of Facebook security and privacy issues

Since the start of 2018, Facebook has had a seemingly constant cascade of security issues and privacy scandals. Here's a look back at the social media giant's most serious issues.
November 16, 2018 16 Nov'18
Firefox Monitor offers breach alerts on visited websites

The promised integration with Have I Been Pwned is expanding in Firefox Monitor with new breach alerts when a user visits a recently compromised website.
July 24, 2018 24 Jul'18
Physical security keys eliminate phishing at Google

Successful phishing attempts have been eliminated among Google employees following a requirement to use physical security keys in order to gain access to all Google accounts.

View All News

Web application and API security best practices Get Started

Bring yourself up to speed with our introductory content

cryptographic nonce

A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology. Continue Reading
How to manage application security best practices and risks

The reality of application security risks requires software developers to be mindful of testing, tools and best practices to improve user experience and information security. Continue Reading
distributed denial of service (DDoS) attack

A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. Continue Reading

View All Get Started

Evaluate Web application and API security best practices Vendors & Products

Weigh the pros and cons of technologies, products and projects you are considering.

Open UC platforms improve communication workflow, but carry risks

An API-based integration between UC and business apps can improve workflows and contextual communication. But the integrations may carry security risks. Continue Reading
How did Ammyy Admin software get repeatedly abused by malware?

The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves. Continue Reading
CryptXXX: How does this ransomware spread through legitimate websites?

The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress. Continue Reading

View All Evaluate

Manage Web application and API security best practices

Learn to apply best practices and optimize your operations.

4 fundamental practices for serverless architecture security

Are you ready for serverless security? Learn about four critical planning considerations software teams need to focus on if they plan to adopt serverless. Continue Reading
How can credential stuffing attacks be detected?

Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat. Continue Reading
5-step checklist for web application security testing

This five-step approach to web application security testing with documented results will help keep your organization's applications free of flaws. Continue Reading

View All Manage

Problem Solve Web application and API security best practices Issues

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How can developers avoid a Git repository security risk?

Learn how managing web development content with the popular version control system can be risky without taking action to avoid these basic Git repository security risks. Continue Reading
5 common web application vulnerabilities and how to avoid them

Common web application vulnerabilities continue to confound enterprises. Here's how to defend against them and stop enabling exploits. Continue Reading
How did an Electron framework flaw put Slack at risk?

An Electron framework flaw put users of Slack, Skype and other big apps at risk. Expert Michael Cobb explains how this remote code execution flaw works and how to prevent it. Continue Reading

View All Problem Solve