Blog

Vulnerabilities

Best Practices in Identifying and Remediating Vulnerabilities

Bryan Becker and Simon Whittaker | July 16, 2019

In this article, we’ll take a closer look at how research partners Vertical Structure and WhiteHat Security worked together to identify and verify a vulnerability, and then notify and work with the vendor to quickly and effectively remediate the issue and protect customers.

Vulnerabilities

Protecting Apache Struts through DAST, SAST, and SCA

Jeannie Warner | August 30, 2018

On August 22, 2018, Apache Struts announced a security vulnerability and patch which remediates a critical remote code execution vulnerability. Apache Struts is a Java-based web application platform used by an estimated 65 percent of Fortune 100 companies. With this latest vulnerability, attackers can exploit a web application...

Breaking News-Vulnerabilities

Cyber Attackers: A perfect 10! Olympic Committee: Failed to qualify.

Katie Tierney | February 13, 2018

2018 Winter Olympic Games hit with destroyer malware during opening ceremony.

Breaking News-Industry Observations-Vulnerabilities

Can you hear me now? APIs are vulnerable!

Ryan O'Leary | October 12, 2017

Learn best practices about how to avoid API Vulnerabilities from security experts at WhiteHat Security.

Breaking News-Industry Observations-Vulnerabilities

Whole Foods, Sonic Drive-in… POS System breaches. Why are we still seeing breaches like this?

Ryan O'Leary | September 29, 2017

Learn about the two announcements for POS System breaches with Whole Foods and Sonic Drive-in. 

Breaking News-Industry Observations-Vulnerabilities

To #Petya or #NotPetya – It’s an Important Question

Ryan O'Leary | June 27, 2017

There's another 'worldwide' attack known as Petya Ransomware and it's spreading quickly - learn about it first from WhiteHat Security.

Industry Observations-Vulnerabilities

74 Countries and Counting… Today’s Massive Ransomware Attack

Ryan O'Leary | May 12, 2017

A large-scale cyber attack on hospitals across England has staff and patients reeling. The fallout has serious impacts on individuals’ healthcare, as everything from patient records and prescriptions to surgery schedules is inaccessible.

Vulnerabilities-Web Application Security

Apache Struts 2 CVE-2017-5638: Are My Applications Vulnerable to Remote Code Execution?

Peter Monahan | March 10, 2017

This week, it was reported that certain versions of the Apache Struts 2 Framework are vulnerable to Remote Code Execution attacks.

Industry Observations-Vulnerabilities

Verizon Needed a Security Facts Label

Eric Sheridan | March 07, 2017

With the migration towards digital transformation and the onslaught of cyber attacks, we need a “Security Facts” label so that we as consumers may make more informed decisions about the risk we are inheriting from the use or acquisition of applications.

Technical Insight-Tools and Applications-Vulnerabilities-Web Application Security

Top 10 Web Hacking Techniques of 2015

Kuskos | January 12, 2016

After a lot of coordination, research, voting by the community and judging - learn the Top 10 Web Hacking Techniques of 2015.

Vulnerabilities-Web Application Security

CVE-2015-0204 Freak Attack

Ryan O'Leary | May 28, 2015

It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade attack. In short, an attacker could man-in-the-middle a user and web server and force the user and server to downgrade to a set of export ciphers which are weak and outdated.

Industry Observations-Tools and Applications-Vulnerabilities

Bypassing Internet Explorer’s Anti-XSS Filter

Carlos Munoz | December 04, 2013

There’s a problem with the reflective Cross Site Scripting (“XSS”) filter in Microsoft’s Internet Explorer family of browsers that extends from version 8.0 (where the filter first debuted) through the most current version, 11.0, released in mid-October for Windows 8.1, and early November for Windows 7.

Vulnerabilities

The Case of an Unconventional CSRF Attack in Firefox

Kuskos | June 27, 2013

It appears that an unconventional method of Cross Site Request Forgery may be made exploitable by using Firefox versions 21 and below.

Technical Insight-True Stories of the TRC-Vulnerabilities

Web Storage Security

Zach Jones | May 28, 2013

Never use Web Storage data for access control decisions or trust the serialized objects you store here for other critical business logic. A malicious user is free to modify their localStorage and sessionStorage values at any time; treat all Web Storage data as untrusted.

Technical Insight-True Stories of the TRC-Vulnerabilities-Web Application Security

How I stole source code with Directory Indexing and Git

Kuskos | May 21, 2013

The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking from a blackbox perspective.

Tools and Applications-Vulnerabilities

7 Ways Vulnerability Scanners May Harm Websites and What To Do About It

Jeremiah Grossman | November 07, 2012

Learn 7 ways vulnerability scanners may harm websites and what to do about it.

Technical Insight-Vulnerabilities

A Single-Site Browser’s impact on XSS, CSRF, and Clickjacking

Jeremiah Grossman | February 08, 2012

A Single-Site Browser (SSB) is a highly restricted Web browser only capable of connecting to a single website. A “website” can be defined as a white-listed collection of one or more hostnames, IP addresses, ports, and protocols.
