Web application and API security best practices

Browse this section for the latest news, expert advice and learning tools on web application security, including web application testing, as well as API security best practices.

New & Notable

Download this free guide

Download: Your Complete Guide to IAM

Utilize this 66-page IAM guide to help you stay on top of the latest best practices and techniques. Security expert Michael Cobb explores the risks and rewards of biometrics measures and multifactor authentication, how organizations can assess if it is time to modernize IAM strategies, and much more.

Corporate E-mail Address:
You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login.
You have exceeded the maximum character limit.
Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Web application and API security best practices News

October 09, 2019 09 Oct'19
Twitter 2FA data 'inadvertently' used for advertising

Twitter used two-factor authentication information, including email addresses and phone numbers, to target ads for an unknown number of people over an unknown period of time.
May 22, 2019 22 May'19
G Suite passwords insecurely stored in two separate incidents

Google disclosed two separate incidents in which G Suite passwords were stored insecurely, and in one of those incidents, the passwords were stored improperly for 14 years.
April 30, 2019 30 Apr'19
A recent history of Facebook security and privacy issues

Since the start of 2018, Facebook has had a seemingly constant cascade of security issues and privacy scandals. Here's a look back at the social media giant's most serious issues.
November 16, 2018 16 Nov'18
Firefox Monitor offers breach alerts on visited websites

The promised integration with Have I Been Pwned is expanding in Firefox Monitor with new breach alerts when a user visits a recently compromised website.

Web application and API security best practices Get Started

Bring yourself up to speed with our introductory content

API management

API management is the process of overseeing application program interfaces (APIs) in a secure, scalable environment. Continue Reading
Web application firewall (WAF)

A web application firewall (WAF) is a firewall that monitors, filters and blocks data packets as they travel to and from a website or web application. Continue Reading
Web application (Web app)

A Web application (Web app) is an application program that is stored on a remote server and delivered over the Internet through a browser interface. Continue Reading

Evaluate Web application and API security best practices Vendors & Products

Weigh the pros and cons of technologies, products and projects you are considering.

Bot management drives ethical data use, curbs image scraping

Bot management tools can help enterprises combat bad bots, prevent web and image scraping, and ensure ethical data use -- all while maintaining a positive end-user experience. Continue Reading
Who wins the security vs. privacy debate in the age of AI?

When trying to maintain balance between security and privacy in an AI-enabled world, who decides which side should tip and when? So continues the security vs. privacy debate. Continue Reading
Open UC platforms improve communication workflow, but carry risks

An API-based integration between UC and business apps can improve workflows and contextual communication. But the integrations may carry security risks. Continue Reading

Manage Web application and API security best practices

Learn to apply best practices and optimize your operations.

SSL certificate best practices for 2020 and beyond

SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
Best practices for threat modeling service mesh, microservices

In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods. Continue Reading
4 fundamental practices for serverless architecture security

Are you ready for serverless security? Learn about four critical planning considerations software teams need to focus on if they plan to adopt serverless. Continue Reading

Problem Solve Web application and API security best practices Issues

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How to mitigate an HTTP request smuggling vulnerability

Exploiting an HTTP request smuggling vulnerability can result in the inadvertent execution of unauthorized HTTP requests. Learn how to defend web environments from this attack. Continue Reading
How to prevent buffer overflow attacks

Read up on types of buffer overflow attacks, and learn secure coding best practices that prevent such vulnerabilities, as well as post-deployment steps to keep apps and websites safe. Continue Reading
5 application security threats and how to prevent them

The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses. Continue Reading