Web application and API security best practices
Browse this section for the latest news, expert advice and learning tools on web application security, including web application testing, as well as API security best practices.
New & Notable
Instant Download: Building an Incident Response Action Plan
77% of organizations admit they don’t have a formal cybersecurity incident response plan (CSIRP) that is applied consistently across the organization, according to IBM. If you’re one of them, here’s everything you need to know about building an efficient incident response action plan.
Web application and API security best practices News
-
October 09, 2019
Twitter 2FA data 'inadvertently' used for advertising
Twitter used two-factor authentication information, including email addresses and phone numbers, to target ads for an unknown number of people over an unknown period of time.
-
May 22, 2019
G Suite passwords insecurely stored in two separate incidents
Google disclosed two separate incidents in which G Suite passwords were stored insecurely, and in one of those incidents, the passwords were stored improperly for 14 years.
-
April 30, 2019
A recent history of Facebook security and privacy issues
Since the start of 2018, Facebook has had a seemingly constant cascade of security issues and privacy scandals. Here's a look back at the social media giant's most serious issues.
-
November 16, 2018
Firefox Monitor offers breach alerts on visited websites
The promised integration with Have I Been Pwned is expanding in Firefox Monitor with new breach alerts when a user visits a recently compromised website.
Web application and API security best practices Get Started
Bring yourself up to speed with our introductory content
-
Web application firewall (WAF)
A web application firewall (WAF) is a firewall that monitors, filters and blocks data packets as they travel to and from a website or web application.
-
Web application (Web app)
A Web application (Web app) is an application program that is stored on a remote server and delivered over the Internet through a browser interface.
-
cryptographic nonce
A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology.
Evaluate Web application and API security best practices Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
-
Open UC platforms improve communication workflow, but carry risks
An API-based integration between UC and business apps can improve workflows and contextual communication. But the integrations may carry security risks.
-
How did Ammyy Admin software get repeatedly abused by malware?
The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves.
-
CryptXXX: How does this ransomware spread through legitimate websites?
The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress.
Manage Web application and API security best practices
Learn to apply best practices and optimize your operations.
-
4 fundamental practices for serverless architecture security
Are you ready for serverless security? Learn about four critical planning considerations software teams need to focus on if they plan to adopt serverless.
-
How can credential stuffing attacks be detected?
Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat.
-
5-step checklist for web application security testing
This five-step approach to web application security testing with documented results will help keep your organization's applications free of flaws.
Problem Solve Web application and API security best practices Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
-
How to encrypt and secure a website using HTTPS
The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data.
-
How can developers avoid a Git repository security risk?
Learn how managing web development content with the popular version control system can be risky without taking action to avoid these basic Git repository security risks.
-
5 common web application vulnerabilities and how to avoid them
Common web application vulnerabilities continue to confound enterprises. Here's how to defend against them and stop enabling exploits.