AppSec Stats Flash: 2021 Year in Review

Step 1 to Resolving the Spring4Shell Vulnerability: Find It, Safely

This blog was co-authored by Eric Rodriguez, Sarah Perkins, and Vishrut Iyengar – NTT AppSec Security Staff. Spring is upon...

Kubernetes Security Starts with Your Containers

If we are to “containerize all the things”, as one meme put it, then it would be natural to leverage...

F5 BIG-IP Vulnerability Announced

As of last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388. This...

Are You Using Secure Passwords?

May 5th, 2022 is World Password Day and this year, more than years past, it’s a really important day. It’s...

Synopsys to acquire WhiteHat Security| An application security pioneer and market-segment leading provider of DAST solutions

Today, we are thrilled to share the exciting news that Synopsys has signed a definitive agreement to acquire WhiteHat Security...

4 Cybersecurity Tax Tips for Last-Minute Filers

Accountants aren’t the only ones putting in overtime during tax season. It’s also the busiest time of the year for...

Manufacturing Organizations’ Answer to Application Security is DAST For Pre-Production | AppSec Solutions for Industries

Due to the sensitive and proprietary information businesses within this industry store and create, it’s not surprising that manufacturing organizations...

How We Developed SSRF Detection to Help Protect Your Site

Developer Spotlight: Protecting Your Site from Server Side Request Forgery (SSRF) The security landscape is always changing. As software developers,...

Hackers Never Let April Fools’ Day Go to Waste

“Since March began thirty days and two,”[1] hackers’ distinctive humorous style has continually regaled. Whether you’re a fan of obscure...

Critical Alert: Spring4Shell RCE Vulnerability (CVE-2022-22965)

UPDATE : April 12, 2022 As a summary and update to this evolving situation, the NTT Application Security teams have...

Highlighting Belfast on St. Patrick’s Day

In honor of St. Patrick’s Day, NTT Application Security would like to celebrate our employees at the Belfast office. So,...

Protecting from the Ongoing Threat of Russian Cyberattacks

Two weeks ago, the world watched in horror as Russia launched an unprovoked attack on Ukraine, a democratically elected, sovereign...

NTT Application Security #breaksthebias on International Women’s Day 2022!

The observation of International Women’s Day has gone on since the early 1900s. Since its beginnings, the world has experienced...

Roses are #ff0000, violets are #0000ff — don’t let these vulnerability profiles get the best of you!

We understand that Heartbleed can lead to heartbreak and potential reputational damage. And a good application security solution should be...

Application Security Has Its Best Ever Chance For Success

The last year has been marked by the rapid progress of transformational DevOps models. IT teams are grappling with how...

A Solid Data Privacy Program can be a Safe Harbor

The rate at which Data Privacy Laws in the U.S., Europe, and other countries are evolving is not slowing down....

Introducing Vantage Detect: Enterprises’ Last Line of Defense Against Breaches

As Log4j and other zero-day vulnerabilities increasingly disrupt digital business operations around the world, enterprises’ public-facing web applications and APIs...

It’s Time To Search For New Talent, But Not Without Due Diligence

The onset of the pandemic caused a high unemployment rate, resulting in layoffs that impacted various roles across industries. With...

How Vantage Prevent Shifts DAST Left and Reignites DevSecOps for Enterprises

For more than 20 years, the WhiteHat brand name has been synonymous with application security innovation. Today, we’re unveiling what...

Log4Shell: What enterprises need to know about the widespread and critical zero-day vulnerability

Updates from NTT Application Security Updated January 7, 2022 – CVE-2021-44228 by Drew Streib – Head of Architecture and Operations...

Introducing the WhiteHat Vantage Platform

It’s a historic day at NTT Application Security. For just over 20 years, we have served as pioneers in the...

Avoid These Threats on Cyber Weekend

The biggest shopping time of the year is fast approaching, and for consumers this year it means shopping primarily online....

Infographic: The State of Secure Online Holiday Shopping

What would you do if an online retailer exposed your credit card or personal information due to a security breach?...

NTT Application Security Named 2021 Gartner Peer Insights Customers’ Choice for Application

We’re thrilled to announce that this month, NTT Application Security was recognized as a Gartner Peer Insights Customers’ Choice for...

AppSec Stats Flash Vol 10: Healthcare Sector Spotlight

Over the last 10 months of AppSec Stats Flash, a few trends have come to light. Breach exposure by applications...

3 Ways to Put Cybersecurity First at Your Company

Welcome to week four of Cybersecurity Awareness Month! The events of the past two years have accelerated a near complete...

National Cybersecurity Awareness Month: My Experience as a Woman Working in Cybersecurity

As we continue to celebrate National Cybersecurity Awareness Month 2021, it’s important to highlight the ever-increasing role that women are...

Fight the Phish with These Tips

Phishing is a type of social engineering attack where the attacker sends malicious links or attachments, usually via email, in...

Unpacking AppSec with Alice and Bob

In this month’s Security in the Fast Lane podcast, Setu Kulkarni, VP of Corporate Strategy & Business Development for NTT...

Top 5 Ways to Be Cyber Smart

Welcome to Cybersecurity Awareness Month 2021! It’s been a rollercoaster of a year in cybersecurity, with the workforce embracing a...

Monthly AppSec News Round Up — September 2021 Edition

September marks the end of summer and the start of another school year. With some schools continuing to focus on...

AppSec Stats Flash Vol 9: Education Sector Spotlight

How Digitally Safe is Back to School? The pandemic forced many industries to accelerate their adoption of technology in order...

Q&A: Catching Up With Vlad Nisic

In case you missed the news, NTT Application Security welcomed Vlad Nisic to the team as the company’s first VP...

Don’t Let These Five Myths Hinder Your DevSecOps Adoption

DevOps has not yet become DevSecOps, leaving DevOps unsecured. Everyone speaks of it, but very few organizations have mastered it....

Follow Up: National Cybersecurity Executive Order

A month ago, NTT released an Intelligence Report from the Global Threat Intelligence Center (GTIC). Highlighted in that report was...

Monthly AppSec News Round Up — August 2021 Edition

With Black Hat 2021 now in the rear-view mirror, August netted-out to be another busy month in cybersecurity news thanks...

Know Your Risk

“There are known knowns. There are things we know we know. We also know there are known unknowns. That is...

Executive Order On Cybersecurity: A Call To Fight Cyber Threats

The threat of cyberattacks continues to rise unabated, and Washington is taking urgent notice. The recent attack on the Colonial...

Beers on Breaches: T-Mobile Hacked Again, and Again, and Again.

Server Misconfiguration – 2021 On August 15th, 2021, Vice reported that a hacker had breached multiple T-Mobile servers, affecting between...

Hackers Have it Easy!

Application security is becoming an increasingly top of mind issue for the average person. High-profile breaches are happening more frequently,...

Ready to Secure Your Applications? Have a Plan? Go!

Operationalizing the Modern AppSec Framework Whether you’ve been following our 3-Part Summer webinar series or you’re just now joining us,...

Security in the Fast Lane Vol. 3 is now available!

Everyone in the world should be cyber-aware to a basic level, but shouldn’t the developers creating applications be well versed...

Notes from Black Hat 2021

The NTT Application Security team intrepidly traveled to Las Vegas to attend the 2021 edition of Black Hat USA. While...

Monthly AppSec News Round Up — July 2021 Edition

In the weeks leading up to Black Hat, there has been no shortage of news impacting the security industry. From...

Kobayashi Maru

NTT Application Security has been monitoring and reporting on the state of application security monthly since January 2021. Over the...

We’re Back at Black (Hat, That Is)

The Black Hat USA Conference is back in 2021—both in-person and virtually—and we’re beyond excited to see everyone next month...

Beers on Breaches: 6-Pack Roundup

McDonalds, Wegman’s, medical industry victimized by data breaches McDonald’s Get Bit The fast-food giant was hit with a data breach...

Modern AppSec Requires a Modern Approach

Organizations need to develop and deliver secure applications fast. Unfortunately, the traditional software development lifecycle (SDLC) paradigm no longer works...

Defense Wins Championships

It’s one of the most common phrases in all sports, and rightly so. Take a look at any championship team...

Welcome to NTT Application Security

As you may already know, WhiteHat Security was acquired by NTT Security in July of 2019. Over the past two...

Key Findings: GTIC – Monthly Intelligence Report

A new report published this month by NTT’s Global Threat Intelligence Center (GTIC) is shedding new light on the Colonial...

Upcoming Webinar: It’s Time to Go DAST—to the Future!

  Hop in the DeLorean. It’s time to go DAST—to the Future! In WhiteHat’s latest white paper—DAST to the Future: Shifting...

AppSec Stats Flash Vol. 6 Is Now Live

Over the last 6 months, WhiteHat has been tracking some key application security statistics alongside the fast-evolving threat landscape. In...

The Ways of The API: A useful pattern to apply to API Security

This morning we released the first episode of our new “Security in the Fast Lane” podcast series. This series provides...

Memorial Day: A Veteran’s Journey Through Civilian Work Life

Today is Memorial Day—a day to honor those who’ve served in America’s armed forces, remember those we’ve lost, and celebrate...

Monthly AppSec News Round Up — May 2021 Edition

Just when we thought we had seen the worst when April’s news broke of Facebook and Clubhouse breaches, we were...

AppSec Stats Flash Vol. 5 Is Now Live

The ransomware attack on the Colonial Pipeline sent shockwaves through the security industry and American society alike. In this month’s...

WhiteHat Security Named Best Product in Application Security in 2021 Global InfoSec Awards

In case you (virtually) missed us at RSAC 2021, we are thrilled to announce that WhiteHat has been recognized as...

RSA Conference 2021: A Look Back, A Sprint Forward

As we head into RSA Conference 2021, memories of the event last year come into clearer focus. We remember when...

Beers on Breaches: Experian Suffers Yet Another Breach

Going back a decade, credit reporting giant Experian has been the target of several major leaks and breaches.   There was...

AppSec News Round Up—April 2021

We live in a world where only three things are certain: death, taxes and breaches. Nearly every day, WhiteHat’s team...

Whistleblower Claims Ubiquiti Downplayed January Breach

In January of this year, Ubiquiti notified its customers that there had been a breach affecting part of their IT...

Introducing Attack Surface Management powered by Bit Discovery

It’s an exciting day at WhiteHat with the launch of Attack Surface Management powered by Bit Discovery – an innovative...

AppSec Stats Flash Vol. 4 Is Now Live

Each month, the AppSec Stats Flash reflects on the evolving threat landscape, tracks key AppSec metrics on an ongoing basis...

Upcoming Webinar: Blueprint for Governance – Integrating API Security Testing within Postman

According to Postman, the development and adoption of APIs continues to skyrocket due to shifts in consumer, architecture and infrastructure...

SolarWinds: What Happened and What’s Next

It has been a little over three months since the SolarWinds Supply-Chain Attack was first discovered, but the full impact...

WhiteHat’s Joseph Feiman Named a Finalist for Security Innovator of the Year in the 2021 SC Awards

Joseph Feiman, Chief Strategy Officer at WhiteHat Security, has been named a finalist in the 2021 SC Awards for Security...

AppSec Stats Flash Vol. 3 is Now Live

AppSec Stats Flash returns this month with today’s release of Vol. 3 — you can stream the podcast below and...

Dr StrangeBot: Or How I Learned to Stop Worrying and Trust Machine Learning

Beneath the cynicism, hyperbole, market–making and FUD; the strategic importance of AI in Cybersecurity is only constrained by us ‘meatbags’.  Being...

Women in Cybersecurity and the Skills you Need to Create your Career

According to the Women in Cybersecurity Report by ISC, women working in cybersecurity currently account for about one-quarter (24%) of...

BUSINESS LOGIC ASSESSMENTS: Finding Application Logic Vulnerabilities that an Automatic Scanner can Miss

What are Business Logic Assessments and how are they Different from Pen Tests? Business Logic Assessments (BLAs) are manual assessments...

Follow the Cookie Crumbs: The Privacy Concerns Behind Data Tracking

To accept cookies or to not accept cookies, that is the question. Find yourself ignoring that relentless cookie consent banner?...

Building Cyber-Resilience through Application Security for a World’s Largest Fast Food Chain

2020 saw most businesses hastily pivot to digital business models which makes almost every industry more vulnerable to cyberattacks than...

Calling on Application Security Professional Services

Digital transformation has morphed from a competitive advantage to a necessity for business survival. As applications are produced faster and...

National Computer Security Day: 3 Steps Towards Staying Safe Online

November 30th is National Computer Security Day reminding people to take ownership of their online presence and identity. We are...

Cultivating Growth for Women in Cybersecurity

Women make up 47 percent of the workforce in America yet hold only 26 percent of technology roles. This indentation...

A Salute to Our Veterans

Veterans Day is an important day set aside to honor and show appreciation for ALL who have served in the...

Cybercriminals Target the Pharmaceutical Industry
How to Proactively Increase Cyber Resilience with Application Security

The Pharmaceutical Industry is Heavily Targeted During the Global Crisis During the current pandemic, cybercriminals are specifically targeting healthcare, pharmaceutical,...

Drive the Future Webinar Highlights Bridge Your Executive Team’s AppSec Anxieties

Our CEO, Craig Hinkley, and our VP of Strategy, Setu Kulkarni, kicked off our support for National Cybersecurity Awareness Month...

Supporting US Employees’ Right to Vote

On November 3rd, one of the most critical decisions in this country will be made, a collective decision made by...

How to Measure and Reduce Cybersecurity Risk in Your Organization

With certain measures in place, organizations can defer intrusions and respond quickly when they occur By Setu Kulkarni, VP, Strategy...

Security in the Fast Lane – Building a Stronger DevSecOps Culture

Applications are the driving force of this new world economy, however, security teams are frustrated and overwhelmed as they struggle...

National Cybersecurity Awareness Month (NCSAM) 2020

Continuing to raise awareness about the importance of cybersecurity across our nation, is what National Cybersecurity Awareness Month (NCSAM) is...

A Top Financial Institution Scales its AppSec Program and Achieves 100% PCI Compliance – WhiteHat Security Customer Case Study

Growing Cyber Threats to the Financial Industry As highly regulated industries, much is at stake for banks and financial services...

MEDIA ALERT: WhiteHat Security Announces New Virtual Series “Security in the Fast Lane: Securing Our App-Driven Economy”

WHAT: WhiteHat Security, an independent, wholly owned subsidiary of NTT Ltd. and a leading application security provider, will present a...

Applications are on the move; how do you secure them?

Automation can help narrow the gap between security needs and security resources Most mobile applications fail critical security tests. Quite...

Winning Together: Now is the Time to Build Lasting Customer Relationships

At the intersection of digital transformation The last few months have been unprecedented times for all of us. Individuals, organizations,...

An Update to WhiteHat’s Valued Customers and Partners

As your trusted partner in application security, we are committed to delivering the experience you know and trust in an...

Gartner Named WhiteHat Security a Leader in its 2020 Magic Quadrant for Application Security Testing

Gartner just published its 2020 Magic Quadrant for Application Security Testing (AST), and we’re pleased to be named a Leader!...

Top 10 Application Vulnerabilities of 2019

In application security, so often the cause of vulnerabilities can be traced to the development process. It’s the nature of...

Key Considerations for CEOs When Navigating a Crisis

In 2018, nearly a quarter of the American workforce was already working remotely. While we’ve had available technology to support...

2020 Election Security: The Urgent Need to Address Vulnerabilities in Voting Systems

“Russian hackers accessed voter databases in two Florida counties prior to the 2016 presidential elections.” 1 “It only took a...

Cybersecurity Will Always Need the Human Element

The WhiteHat Security team recently returned from the RSA Conference in San Francisco. This year’s theme was “The Human Element,” emphasizing...

Women of WhiteHat Commemorate International Women’s Day

International Women’s Day originated as a way to end discrimination against women around the world. Nowadays, it is recognized as...

WhiteHat Security Issues Tax Season Security Advisory: Top Risks and Tips for Avoiding Them

For most Americans, Tax Day (April 15) is a dreaded, recurring deadline (or headache) on the calendar that many will...

RSA 2020 Recap: Small Vendors Preview this Year’s Cybersecurity Trends

The WhiteHat Security team has just returned from another successful RSA Conference in San Francisco. Focused on ‘the human element’...

Exposed Docker Registries Serve as Critical Reminder on Container Security

In recent weeks, news broke that Docker registry misconfigurations could have exposed countless organizations to data theft and supply-chain attacks,...

Vulnerabilities to popular TikTok app leaves sensitive user data exposed

On Jan. 8, we learned that a series of vulnerabilities in the popular social media app TikTok left the personal...

Arming the Public Sector Against Nation-State Attack

With the tensions in Iran escalating over the past few weeks, nation-state cyberattacks have been on the forefront of government...

2019 in Review: A Year of Application Breaches, Hacks and Exposed Data

Applications are quickly becoming a top target for digital adversaries, as more businesses rely on them to drive their revenue...

Mobile Security App-titude- Best Practices for Secure App Design and Data Privacy

Mobile app security can be very challenging. It’s an attack surface that is often an easy entry point for hackers...

WhiteHat Security Issues Advisory on the Security and Privacy Risks Introduced Through Popular Holiday Gifts

For many people, January is primetime to finally install or deploy new technology like home care gadgets they were gifted...

New Year, New AppSec Resolutions

2020 is upon us, and with a new calendar year comes new goals and New Year’s resolutions. As expected, all...

Nation-State Attacks Are Becoming Bigger Threats to Websites and Applications

For decades, nation-state attacks have caused serious havoc across the world, primarily targeting critical infrastructure such as power grids and...

The Top Application Security Whitepapers of 2019

As we head into 2020, application security remains an essential consideration for every organization operating in this digital era. We’ve...

Risks of outsourcing development

The trend to outsource a development project or the development function has been growing in recent years, and for some...

The Top 5 Security Reports of 2019

As 2019 draws to a close and we reflect on our accomplishments and determine how we can improve in the...

Mobile Applications Perform Poorly on Protecting Personal Data
– Minimize the Attack Surface with Sentinel Mobile

Out of the 350 popular Android apps reviewed, 70% leak sensitive personal data (2019 WhiteHat Security Stats Report findings in...

Deck the Halls with Cybersecurity: Best Practices for Holiday Shopping

With the holiday season now in full swing, retail companies have been readying their stores and websites for the influx...

Give Your Developers the Confidence to Produce Safer Mobile Apps Faster

A recent study by Zimperium of the world’s leading travel applications to understand how they manage users’ security and privacy...

Study: Most Developers Worry about Security, Yet Half Their Teams Lack a Dedicated Security Expert

While nearly 75 percent of developers worry about the security of their applications, and 85 percent rank security as very...

WhiteHat Employees Share What They’re Most Grateful for at Work this Thanksgiving

Whether you’re planning to celebrate Thanksgiving with family, a Friendsgiving with your closest mates or perhaps even a Worksgiving with...

Lack of App Security Can Lead to Holiday Travel Woes

It’s that time of year again: the holidays are among us. Soon, millions of us will be on the road...

Celebrating Veteran’s Day at WhiteHat Security

If you work in the public sector, you’ll notice a familiar pause to your work routine this week, as many...

Battling Burnout During Stress Awareness Day

Each November, National Stress Awareness Day is recognized on the first Wednesday of the month and aims to identify and...

How Application Security Strengthens Healthcare Organizations’ Security Posture

The State of Data Breaches in the Healthcare Industry This decade has seen an unprecedented number of connected systems and...

Don’t Be Afraid of the Dark (Web): Tips on Protecting Your Applications

October is known for being the “spookiest” of all the months. While there’s always debate on if ghosts, ghouls and...

Using Artificial Intelligence to Power Application Security

Artificial intelligence (AI) is a bit of a buzzword, and it has been thrown around quite a bit in the...

Adopting a Security Mindset

The modern-day developer faces an inordinate amount of challenges daily. Between constantly fighting to create the most innovative apps to...

NCSAM – How WhiteHat Security Can Help Combat Online Threats

October marks the 16th annual National Cyber Security Awareness Month (NCSAM). This collaborative effort between government and industry has never...

WhiteHat Experts Share Tips for National Cybersecurity Awareness Month

A collaborative effort between government and industry, National Cybersecurity Awareness Month (NCSAM) is observed every October in an effort to...

Part 2 : Simplifying Your Application Security

Previously, we discussed in part 1 of this blog series, application security issues are becoming the first and foremost cause...

5 Tips for DevSecOps Education and Training

Whether it was the millions of users left vulnerable by Fortnite, or hackers gaining access to Dunkin’ customer accounts, 2019...

AppSec Problems vs. Optimal Solutions

Recently, there has been a constant upward trajectory in spending on IT security, and there are no signs of that...

Fines Are Just the Start: The Wider Costs of Compliance Failure

If businesses hadn’t already woken up to the financial clout that’s now in the hands of the world’s data protection...

Beyond Solving the Problem: The WhiteHat Security Customer Service Experience

“The customer is always right,” is the go-to customer service phrase originally coined by Harry Gordon Selfridge in London in...

183 Million Reasons to Improve Payment Security

When British Airways was informed it was facing a fine of £183 million by the UK’s Information Security Commissioner (ICO)...

SSRF and the Cloud 101: Basics on the Latest Headline-grabbing Vulnerability

Server-side request forgery (SSRF) has been in the news recently for causing mainstream data breaches impacting hundreds of millions of...

Part 1 : Simplifying Your Application Security

More and more, businesses today are staking their success on web and mobile applications. But this explosive rise in the...

Inside the Hacker’s Den: Three Takeaways from Black Hat 2019

Thousands of people every year gather in the desert to be able to attend one of the most captivating events...

PCI-DSS: Pioneer for A New Data Protection Era

In the current data compliance and data security climate, empowered regulators are really flexing their muscles. Within the space of...

(White)Hats Off to the Women of WhiteHat: Celebrating Women’s Equality Day 2019

Despite women gaining the equal right to vote in 1878 and the U.S. Congress designating Aug. 26 as Women’s Equality...

Microservices: A Double-Edged Sword

As modern application development trends go, distributed microservices architecture has been one of the most popular and successful in recent...

Using AppSec Statistics to Drive Better Outcomes

This is the 14th year that we are publishing our annual WhiteHat Security Application Security Statistics report. Over the years, this...

The Rising Costs of Data Breaches – An Expensive Hit to Enterprises Across the Globe

Data privacy is all about users’ personal data collected, stored or used by an organization, but are organizations doing enough...

Cloud Application Security Shouldn’t be Up in the Air

The WhiteHat Security team is seeing a massive shift towards cloud adoption largely driven by organizations looking to reduce cost,...

‘The More Things Change, The More They Stay the Same’: XSS, SQLi, CSRF AppSec Vulnerabilities Show Little Improvement in 1H2019

“The more things change, the more they stay the same.” This simple, succinct proverb created in the 19thcentury by French...

Know Your Risk: How Evaluating Security Posture Can Drive Better Business Decisions

If the title on your office door says, ‘Chief Information Security Officer (CISO),’ chances are, your days are consumed with...

Best Practices in Identifying and Remediating Vulnerabilities

It’s in the nature of cybersecurity that every technology vendor and service provider is vulnerable to security breaches and attacks...

It’s Official: WhiteHat and NTT Security Have Closed the Acquisition Deal

Signed, sealed, delivered…WhiteHat Security is happy to announce that the acquisition by NTT Security is now complete! Back in March...

How Empathy Can Make You a Better Leader

Recently, I was out on a shopping trip at a department store, and I saw an employee scrambling to help...

Celebrating International Women in Engineering Day

With women staffing less than 20 percent of technology jobs in the United States, despite making up more than half...

Journey to InfoSec 2019: Top Three Takeaways from This Year’s Conference

From a very young age, I had always had a keen interest in technology. I always found myself wanting to...

9 Product Flavors Fit the Security Needs of the Entire Software Lifecycle

Speed to market has been everything in the software development world. But over time we’ve discovered that speed alone cannot...

Women’s Day at WhiteHat Security – Top Takeaways from Women in Tech

It’s no secret that the gender gap in technology is still an issue today. According to a study by PwC, only...

Find and Fix JavaScript Vulnerabilities Early in the SDLC

JavaScript is the programming language used to program the behavior of webpages, including creating interactive features like menus, forms, animations,...

NTT’s Approach to Detecting Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) generates many questions from prospects, customers, partners, and Web application security professionals we work with. The questions...

Don’t Mistake Compliance for Security

Is your organization compliant with the security standards and regulations implemented by your industry, state, or country that are applicable...

How to Take the Next Step as a Woman in Cybersecurity

For women in cybersecurity looking to take the next step in their career, navigating that pathway can be challenging. Women...

Partnership with RSI Eases Burden of Remediation on DevSecOps

In today’s digital economy, time to market is everything. Organizations are expected to release applications and updates on a near-continuous...

Not All Heroes Wear Capes: Introducing our Superstar Executive Assistant Nev Dooley

As most people know, there are a lot of moving parts that go into running a cybersecurity company. With products...

The curious case of false positives

In the application security space, customers and prospects tell the same story time and time again: “We set up an...

The Benefits of Software Composition Analysis

Software composition analysis (SCA) allows organizations to identify third-party and open source components that have been integrated into all applications,...

There’s Still Time to Outsmart Hackers this Tax Season

Everyone knows that there are two things that are certain in life: death and taxes. However, in recent years as...

Why Your Next DevSecOps Investment Needs to be Software Composition Analysis

The popularity of reusable software components has soared throughout the developer community in recent years, largely due to the convenience...

Microservices Security

It Gets Worse Before it Gets Better For every 100KLOC, a monolithic application will have an average of 39 vulnerabilities,...

RSA 2019: 5 Key Takeaways from an AppSec Researcher

Mind the Skills Gap – Diversify Your Approach!

There’s been much public debate in the tech industry around a growing shortage of qualified tech talent that’s making it...

Benchmarking accuracy of automated AppSec testing

Top Takeaways from the Watermark Women’s Conference

The Women of WhiteHat Celebrate International Women’s Day

WhiteHat is excited to join NTT Security Corporation

How to be successful with your DevSecOps transformation with Value Stream Integration

Interested in Being a WhiteHat Partner? New Program Arms You with DevSecOps Knowledge, Tools to Increase Value to Customers

Application Security Tools are Becoming Indispensable for Enterprises

AppSec New Year’s Resolutions

Do you ever wonder how security researchers stay up-to-date on the latest cyberattacks and vulnerabilities?

WhiteHat Continues Security Market Leadership in 2018

Are Data Breaches Preventable?

New Year, New Job In Cybersecurity?

WhiteHat ‘Essentials’ Product Line Unveiled for High-speed, Fully-automated Security Testing in the DevOps Build/Test Phase

WhiteHat Security: Top 10 Application Security Vulnerabilities of 2018

UBM Dark Reading Report Reveals the State of Application Security, Barriers to Hacker-proof Software

Securing APIs is not mission impossible

Industry Experts Look to the Future of Cybersecurity

Developing Tests and Rules for Application Security

Six Security Predictions for 2019 from WhiteHat Experts

The Shape of Cybersecurity in EMEA – Looking Back to Look Forward

Why Is Application Security Important? And What Does the Future Have in Store?

How Security Views and Approaches Have Shifted in 2018

What Hackers Give Thanks For

Application Security: The Backbone of Black Friday

The Risks of ‘Bring Your Own App’ Policies at Work–and How to Make Them Safer

“Website Security by WhiteHat” Trust Mark Program Updated

Election Security: We Need to Stop Hackers from Rocking the Vote

Application security space quickly becoming a hot tech property

Part II: Ensuring Election Day Results with Security and Integrity

Part I: Why is America’s Voting System Security Broken?

National Cyber Security Awareness Month Series: How Critical is Critical Infrastructure Security?

National Cyber Security Awareness Month Series: Online Safety at Work

National Cyber Security Awareness Month Series: C-level Career Advice from WhiteHat CEO Craig Hinkley

WhiteHat Security Introduces Dynamic Single-page Application Scanning for an Automated, Seamless Customer Experience

National Cyber Security Awareness Month Series: WhiteHat’s Chief Scientist Eric Sheridan Says Communication and Cooperation are Critical for Security Careers

2018 WhiteHat Application Security Statistics Report is a Call to Arms for DevOps Teams

National Cybersecurity Awareness Month – Creating a haven for online safety

What Facebook’s Hack Can Teach about Token Theft

WhiteHat Security Coder Profile: Abishek Ramasubramanian

Stopping Magecart Attacks

National Coding Week: Application Security Shortcomings and Solutions

National Coding Week ‘Woman of WhiteHat’ Feature: Ruth Iverson

The Future of ML at WhiteHat Security

ML in Cybersecurity

ML and Vulnerability Verification at WhiteHat Security

WhiteHat Sentinel Dynamic: Bringing Deeper Artificial Intelligence Capabilities to DAST and Empowering DevSecOps

Protecting Apache Struts through DAST, SAST, and SCA

Static Analysis (SAST) and the Truth About False Positives

Circumventing a Blacklist to Exploit Cross-Site Scripting

CVSS v3 – Updating Risk Quantification

Becoming an Admin Through Broken Access Control Policy

Breaking the Bank

The Security Angle on Angular

Product Management Update: Associated Host Names, BLAs, a new Vulnerability

Compromising a User’s System with Reflected File Download

Crash Course Series #1 – Additional Q&A

Open Source Applications and XSS Attacks

Developers Care about Security: Myth or Reality?

Facebook, APIs, and Application Data Mining

Securing the APIs and Microservices Essential to Digital Transformation

WhiteHat Security’s Most Popular Whitepapers of 2017

Cyber Attackers: A perfect 10! Olympic Committee: Failed to qualify.

You ARE the weakest link!

Software Composition Analysis: Identify Risk in Open Source Components

The Meltdown Over Spectre

ROBOT: For When the Metal Ones Decide to Come for You

Security Predictions 2018

OWASP – The Superhero of AppSec

Prediction: Automatic Updates are the Future

Who’s Driving Security for Uber?

Tips for Safe Shopping in Stores or Online During the Holiday Season

“HREF with Target” Weakness

National Cyber Security Awareness Month, Week 4: A Career in Cyber Security

Bad Rabbit Ransomware

The KRACK Attack

Interview with an AppSec Professional: Designing an AppSec from the Inside Out

National Cyber Security Awareness Month, Week 3:  Beware your connected devices!

Find Web App Vulnerabilities for Free with WhiteHat Sentinel Dynamic!

Can you hear me now? APIs are vulnerable!

National Cyber Security Awareness Month, Week 2: Cybersecurity in the Workplace is Everyone’s Business, but your Passwords are NOT!

Have you done this yet? Actions you should take following the recent Equifax, Sonic and Whole Foods breaches

National Cyber Security Awareness Month STOP. THINK. CONNECT. A few quick tips for online safety

Whole Foods, Sonic Drive-in… POS System breaches. Why are we still seeing breaches like this?

Learn the Secret to Secure Application Development at JavaOne

What can you do today to prevent a breach?

WhiteHat Scout: Design Secure Software from the First Line of Code

Breach Related To Apache Struts 2

An Application Security Education Repository

What you can do now to protect yourself against ID theft

How to Get a Job in Cybersecurity

The New York Cyber Security Regulation: An Application Security Perspective

“Alexa, Who is WhiteHat Security?” Voice Search Now Available!

Developer’s Corner: WhiteHat Sentinel APIs

The Sad Tale of the Copycat Hijacker

It’s here: The 2017 WhiteHat Security Application Security Statistics Report!

To #Petya or #NotPetya – It’s an Important Question

Good Security Questions vs Social Media

A Model for Successful IoT Security Assessment

Data Officers and the GDPR

Silicon Valley Young Coders Club

The WannaCry Cry Heard ‘Round the World: Why was this allowed to happen?!

Abuse of Functionality: The Intersection of Application Security and Ransomware

Top 10 Vulnerabilities in Mobile Applications

74 Countries and Counting… Today’s Massive Ransomware Attack

Spotlight: Women in AppSec – Sales Engineering

Seamless SAST Vulnerability Remediation

Working with Autism in Application Security

What’s new in OWASP: APIs and Mitigation

WhiteHat Certified Secure Developer Program Off to a Roaring Start

3 Ways To Empower Developers to Actually FIX Security Vulnerabilities as Part of their DevOps Workflows

Women in AppSec: Post-Webinar Thoughts and Q&A

App Permissions: Beware the Hidden Accesses

Apache Struts 2 CVE-2017-5638: Are My Applications Vulnerable to Remote Code Execution?

Evolution and the Movement of AppSec to the Cloud

Verizon Needed a Security Facts Label

Introducing the WhiteHat Certified Secure Developer Program

Our Top 5 Most Watched Webinars of 2016

Service Delivery Tech Talk: Path Traversal Attack Solutions – Part 2

Service Delivery Tech Talk: Directory Traversal Attack & Defense – Part 1

More Security Predictions: 2017 Will be a Mixed Bag

Security Predictions – 2017

Blockchain Technology Explained – An Executive Summary

Researchers and technologists alike are talking about how blockchain technology is the next big thing across industries from finance to...

Top 10 Web Hacking Techniques of 2015

UPDATE – 4/20/2016 We have our Top 10 list folks! After a lot of coordination, research, voting by the community and...

CVE-2015-0204 Freak Attack

It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade...

Top 10 Website Hacking Techniques of 2014

UPDATE – 3/19, 11:00 a.m PT We have our Top 10 list folks! After weeks of coordination, research, voting by...

North Korea’s Naenara Web Browser: It’s Weirder Than We Thought

Naenara Browser is the DPRK’s version of Firefox that comes built into Red Star OS, the official operating system of...

List of Common HTTP Headers

Every few months I find myself looking up up the syntax of a relatively obscure, common HTTP headers. Regularly I...

Why com.com Should Scare You

A long time ago I began to compile a list of lesser known but still very scary choke points on...

Bypassing Internet Explorer’s Anti-XSS Filter

There’s a problem with the reflective Cross Site Scripting (“XSS”) filter in Microsoft’s Internet Explorer family of browsers that extends...

Top 10 Proactive Web Application Security Measures

I think a lot of web designers and web masters have almost no idea what are the most important things...

The Case of an Unconventional CSRF Attack in Firefox

It appears that an unconventional method of Cross Site Request Forgery may be made exploitable by using Firefox versions 21...

Web Storage Security

The web waits for no one, not even W3C. While the HTML5 specification isn’t finalized, and HTML5 Storage has even...

Interview With A Blackhat (Part 1)

[This interview openly discusses criminal activities from the perspective of an admitted criminal. You may find this content distressing, even...

How I stole source code with Directory Indexing and Git

The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking...

Password Cracking AES-256 DMGs and Epic Self-Pwnage

Two weeks ago I was in the midst of a nightmare. I’d forgotten a password. Not just any password. THE...

Handling Untrusted JSON Safely

JSON (JavaScript Object Notation) is quickly becoming the de-facto way to transport structured text data over the Web, a job also...

7 Ways Vulnerability Scanners May Harm Websites and What To Do About It

Whether we like it or not, whether we want them to or not, whether it’s legal or not, there are...

Session Fixation Prevention in Java

What is it and why should I care? Session fixation, by most definitions, is a subclass of session hijacking. The...

X-Frame-Options (XFO) Detection from Javascript

X-Frame-Options (XFO) is an HTTP response header, mostly used to combat Clickjacking, that informs a Web browser if the page...

Content Security Policy

What is it and why should I care? Content Security Policy (CSP) is a new(ish) technology put together by Mozilla...

CSRF Prevention in Java

What is it and why should I care? Cross-Site Request Forgery (CSRF) is an attack where victims are forced to...

HTTP Strict Transport Security

What is it and why should I care? HTTP Strict Transport Security (HSTS) is a new(ish) technology that allows an...

Session Cookie HttpOnly Flag Java

What is it and why should I care? Session cookies (or, to Java folks, the cookie containing the JSESSIONID) are...

Clickjacking Prevention in Java

What is it and why should I care? Clickjacking prevention is a type of “Web framing” or “UI redressing” attack....

X-Frame-Options

What is it and why should I care? X-Frame-Options (moving towards just Frame-Options in a draft spec – dropping the...

Hash Length Extension Attacks

It seems that many penetration testers rarely test cryptographic vulnerabilities. I’ve always been interested in cryptography, so I’ve made it...

Beware the HTTP Path Parameter in Java

Please forgive the title, but today’s topic is something to be wary of if you write (or use) any access...

Session Cookie Secure Flag Java

What is it and why should I care? Session cookies (or, to Java folks, the cookie containing the JSESSIONID) are...

Error Handling in Java web.xml

What is it and why should I care? Error or exception handling is an important, but often ignored, part of...

A Single-Site Browser’s impact on XSS, CSRF, and Clickjacking

A Single-Site Browser (SSB) is a highly restricted Web browser only capable of connecting to a single website. A “website”...

sIFR3 Cross Site Scripting

  WhiteHat Security Vulnerability Advisory Affected Product:   scalable Inman Flash Replacement (sIFR) version 3 Vulnerability:   Cross Site Scripting CVE ID:  ...

Magic Hashes

For more than the last decade, PHP programmers have been wrestling with the equals-equals (==) operator. It’s caused a lot...

4 Tips to Get a Conference “Call for Papers” Submission Accepted

If you’ve done unique research in information security, work that others would be interested in learning, the conference circuit provides...