Blog
Web Application Security

9 Product Flavors Fit the Security Needs of the Entire Software Lifecycle

Joseph Feiman | June 11, 2019

Speed to market has been everything in the software development world. But over time we’ve discovered that speed alone cannot remain the end all be all. The majority of data breaches have to do with web application security vulnerabilities; and therefore, security must become part of the software development equation.

Web Application Security

WhiteHat Security’s Approach to Detecting Cross-Site Request Forgery (CSRF)

WhiteHat Security | May 28, 2019

Cross-Site Request Forgery (CSRF) generates many questions from prospects, customers, partners, and Web application security professionals we work with.

Industry Observations-Web Application Security

Application Security Tools are Becoming Indispensable for Enterprises

WhiteHat Security | February 20, 2019

IT security is a massive concern for many organizations of all shapes and sizes. The consequences of a security failure are often drastic, sometimes terminal. Over recent years, there has been a relentless upward trajectory in spending on IT security, and there are no signs of that trend abating.

Breaking News-Web Application Security

ROBOT: For When the Metal Ones Decide to Come for You

Rob Tate | December 13, 2017

Dust off your Old Glory Insurance policy, ROBOT attack is now a real thing that can happen to you.

Industry Observations-Web Application Security

Prediction: Automatic Updates are the Future

Brian Williams | November 29, 2017

2017 has been a wild ride in the security world. This year we saw several high-profile breaches and cyber-attacks, the most notable being the Equifax breach and the WannaCry malware campaign.

Web Application Security

Interview with an AppSec Professional: Designing an AppSec from the Inside Out

Jeannie Warner | October 19, 2017

While it’s difficult to get permission from one’s corporate communications team or legal department on chatting with vendors, I was able to secure an interview with one of our financial services customers who use both Dynamic and Source code scanning.

Web Application Security

Find Web App Vulnerabilities for Free with WhiteHat Sentinel Dynamic!

Jessica Marie | October 17, 2017

WhiteHat Sentinel Dynamic is the dynamic application security testing solution that helps you understand, prioritize, and mitigate your web app vulnerabilities. Now is your chance to take advantage of this application security platform for free.

Static Analysis-Web Application Security-WhiteHat Security Products

Learn the Secret to Secure Application Development at JavaOne

WhiteHat Security | September 27, 2017

Planning to attend the JavaOne Conference October 1-5 in San Francisco? Come on by and meet the team at WhiteHat Security to learn more about secure DevOps, and pick up a gift card for a free 6-month trial of our new static analysis product for Java developers!

Web Application Security-WhiteHat Security Products

Developer’s Corner: WhiteHat Sentinel APIs

Setu Kulkarni | August 08, 2017

The WhiteHat Sentinel Application Programming Interface (API) can help you out. Whether you’re looking to bring information into your own ticketing system, a SIEM, a new set of developer tools, or even a home-grown environment, we hope you’ll find pointers to the documentation which will help make it easy.

Industry Observations-Web Application Security

It’s here: The 2017 WhiteHat Security Application Security Statistics Report!

Ryan O'Leary | July 11, 2017

Applications are literally at the core of our digital lives, so it’s more important than ever to ensure that enterprises of all types can provide safe digital experiences. We hope this report provides valuable insights and recommendations on how to secure the apps that drive your business.

Web Application Security

Working with Autism in Application Security

Mike King | April 28, 2017

Social skills were on my mind. Listening to women describe their problems, it struck me how many of them had to do with stereotypes and unwritten social expectations. It's the end of Autism Awareness Month as I write this and it's a coincidence that I'd been diagnosed with autism at age 34.

Technical Insight-Web Application Security

WhiteHat Certified Secure Developer Program Off to a Roaring Start

Anna Chiang | April 12, 2017

In the first webinar Introduction to Application Security for Developers, WhiteHat geared towards training and certifying developers to be secure coders.

Industry Observations-Web Application Security

3 Ways To Empower Developers to Actually FIX Security Vulnerabilities as Part of their DevOps Workflows

Eric Sheridan | April 04, 2017

With the recent emphasis on application security, organizations now strive to fix web app security vulnerabilities earlier in the SDLC, before apps are deployed in order to lower the risk of potential data breaches.

Industry Observations-Web Application Security

App Permissions: Beware the Hidden Accesses

Jeannie Warner | March 17, 2017

So now that I’ve established myself as a lover of FB and social media, may I ask that you all please carefully consider which additional new and (worse) seldom-used applications that you grant permission to “Log On with Facebook?” (Or Google+, or Twitter – I’m not just targeting any one federated login mechanism.)

Vulnerabilities-Web Application Security

Apache Struts 2 CVE-2017-5638: Are My Applications Vulnerable to Remote Code Execution?

Peter Monahan | March 10, 2017

This week, it was reported that certain versions of the Apache Struts 2 Framework are vulnerable to Remote Code Execution attacks.

Industry Observations-Web Application Security

Introducing the WhiteHat Certified Secure Developer Program

Anna Chiang | March 02, 2017

WhiteHat Security is pleased to kick off the WhiteHat Certified Secure Developer (WCSD) Program. It is open to all developers free of charge and gives developers that essential jumpstart into understanding app security at a deep technical level.

Web Application Security

Our Top 5 Most Watched Webinars of 2016

Ruchika Mishra | January 17, 2017

As we head into the new year, we thought we’d share our 5 most watched webinars of 2016. Like “must see TV”, these are well worth taking the time to watch and learn from!

Technical Insight-Tools and Applications-Vulnerabilities-Web Application Security

Top 10 Web Hacking Techniques of 2015

Kuskos | January 12, 2016

After a lot of coordination, research, voting by the community and judging - learn the Top 10 Web Hacking Techniques of 2015.

Vulnerabilities-Web Application Security

CVE-2015-0204 Freak Attack

Ryan O'Leary | May 28, 2015

It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade attack. In short, an attacker could man-in-the-middle a user and web server, force the user and server to downgrade to a set of export ciphers which are weak and outdated.

Web Application Security

Top 10 Proactive Web Application Security Measures

Robert Hansen | July 13, 2013

I think a lot of web designers and web masters have almost no idea what are the most important things to focus on beginning on day one.

Technical Insight-True Stories of the TRC-Vulnerabilities-Web Application Security

How I stole source code with Directory Indexing and Git

Kuskos | May 21, 2013

The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking from a blackbox perspective.

Technical Insight-Web Application Security

Password Cracking AES-256 DMGs and Epic Self-Pwnage

Jeremiah Grossman | February 07, 2013

Web Application Security

Session Fixation Prevention in Java

johnmelton | August 28, 2012

Session fixation, by most definitions, is a subclass of session hijacking.

Web Application Security

Content Security Policy

johnmelton | June 07, 2012

Content Security Policy (CSP) is a new(ish) technology put together by Mozilla that Web apps can use as an additional layer of protection against Cross-Site Scripting (XSS). This protection against XSS is the primary goal of CSP technology.

Web Application Security

CSRF Prevention in Java

johnmelton | May 31, 2012

Learn what CSRF is and how to develop CSRF prevention design principles.

Web Application Security

HTTP Strict Transport Security

johnmelton | May 24, 2012

HTTP Strict Transport Security (HSTS) is a new(ish) technology that allows an application to force browsers to use only SSL/TLS (HTTPS, not HTTP) when they visit that application.

Web Application Security

Session Cookie HttpOnly Flag Java

johnmelton | May 17, 2012

Session cookies (or, to Java folks, the cookie containing the JSESSIONID) are the cookies used to perform session management for Web applications.

Web Application Security

Clickjacking Prevention in Java

johnmelton | May 10, 2012

Clickjacking is a type of “Web framing” or “UI redressing” attack.

Web Application Security

X-Frame-Options

johnmelton | April 06, 2012

X-Frame-Options allows an application to specify whether or not specific pages of the site can be framed. This is meant to help prevent the clickjacking problem.

Web Application Security

Hash Length Extension Attacks

Douglass Clem | March 30, 2012

Many penetration testers rarely test cryptographic vulnerabilities. This post provides details of a length extension attack.
