
AppSec Stats Flash: 2021 Year in Review

Security Specialist|May 17, 2022

This blog was co-authored by Eric Rodriguez, Sarah Perkins, and Vishrut Iyengar – NTT AppSec Security Staff. Spring is upon...

Eric Sheridan|May 10, 2022

If we are to “containerize all the things”, as one meme put it, then it would be natural to leverage...

Zach Jones|May 9, 2022

As of last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388. This...

Danny Thomas|May 5, 2022

May 5th, 2022 is World Password Day and this year, more than years past, it’s a really important day. It’s...

Craig Hinkley|April 27, 2022

Today, we are thrilled to share the exciting news that Synopsys has signed a definitive agreement to acquire WhiteHat Security...

Chris Marsh|April 15, 2022

Accountants aren’t the only ones putting in overtime during tax season. It’s also the busiest time of the year for...

Vishrut Iyengar|April 13, 2022

Due to the sensitive and proprietary information businesses within this industry store and create, it’s not surprising that manufacturing organizations...

Christie Stewart|April 7, 2022

Developer Spotlight: Protecting Your Site from Server Side Request Forgery (SSRF) The security landscape is always changing. As software developers,...

Sarah Perkins|April 1, 2022

“Since March began thirty days and two,”[1] hackers’ distinctive humorous style has continually regaled. Whether you’re a fan of obscure...

Security Specialist|March 31, 2022

UPDATE: April 12, 2022 As a summary and update to this evolving situation, the NTT Application Security teams have...

Andrew Bolster|March 17, 2022

In honor of St. Patrick’s Day, NTT Application Security would like to celebrate our employees at the Belfast office. So,...

John Cardani-Trollinger|March 10, 2022

Two weeks ago, the world watched in horror as Russia launched an unprovoked attack on Ukraine, a democratically elected, sovereign...

Lauren Johnson|March 8, 2022

The observation of International Women’s Day has gone on since the early 1900s. Since its beginnings, the world has experienced...

Sarah Perkins|February 14, 2022

We understand that Heartbleed can lead to heartbreak and potential reputational damage. And a good application security solution should be...

Security Specialist|February 9, 2022

The last year has been marked by the rapid progress of transformational DevOps models. IT teams are grappling with how...

Wendy Foote|January 28, 2022

The rate at which Data Privacy Laws in the U.S., Europe, and other countries are evolving is not slowing down....

Chris Marsh|January 25, 2022

As Log4j and other zero-day vulnerabilities increasingly disrupt digital business operations around the world, enterprises’ public-facing web applications and APIs...

Dave Gerry|January 21, 2022

The onset of the pandemic caused a high unemployment rate, resulting in layoffs that impacted various roles across industries. With...

Chris Marsh|January 11, 2022

For more than 20 years, the WhiteHat brand name has been synonymous with application security innovation. Today, we’re unveiling what...

Chris Leffel|January 7, 2022

Updates from NTT Application Security Updated January 7, 2022 – CVE-2021-44228 by Drew Streib – Head of Architecture and Operations...

Chris Marsh|December 9, 2021

It’s a historic day at NTT Application Security. For just over 20 years, we have served as pioneers in the...

Danny Thomas|November 23, 2021

The biggest shopping time of the year is fast approaching, and for consumers this year it means shopping primarily online....

Chris Marsh|November 18, 2021

What would you do if an online retailer exposed your credit card or personal information due to a security breach?...

Chris Marsh|November 17, 2021

We’re thrilled to announce that this month, NTT Application Security was recognized as a Gartner Peer Insights Customers’ Choice for...

Lauren Johnson|October 28, 2021

Over the last 10 months of AppSec Stats Flash, a few trends have come to light. Breach exposure by applications...

Danny Thomas|October 27, 2021

Welcome to week four of Cybersecurity Awareness Month! The events of the past two years have accelerated a near complete...

Judy Sunblade|October 20, 2021

As we continue to celebrate National Cybersecurity Awareness Month 2021, it’s important to highlight the ever-increasing role that women are...

Cody Beers|October 13, 2021

Phishing is a type of social engineering attack where the attacker sends malicious links or attachments, usually via email, in...

Lauren Johnson|October 8, 2021

In this month’s Security in the Fast Lane podcast, Setu Kulkarni, VP of Corporate Strategy & Business Development for NTT...

Eric Rodriguez|October 7, 2021

Welcome to Cybersecurity Awareness Month 2021! It’s been a rollercoaster of a year in cybersecurity, with the workforce embracing a...

Security Specialist|October 6, 2021

September marks the end of summer and the start of another school year. With some schools continuing to focus on...

Lauren Johnson|September 28, 2021

How Digitally Safe is Back to School? The pandemic forced many industries to accelerate their adoption of technology in order...

Chris Marsh|September 23, 2021

In case you missed the news, NTT Application Security welcomed Vlad Nisic to the team as the company’s first VP...

Joseph Feiman|September 16, 2021

DevOps has not yet become DevSecOps, leaving DevOps unsecured. Everyone speaks of it, but very few organizations have mastered it....

Danny Thomas|September 14, 2021

A month ago, NTT released an Intelligence Report from the Global Threat Intelligence Center (GTIC). Highlighted in that report was...

Chris Marsh|September 9, 2021

With Black Hat 2021 now in the rear-view mirror, August netted-out to be another busy month in cybersecurity news thanks...

Lauren Johnson|September 7, 2021

“There are known knowns. There are things we know we know. We also know there are known unknowns. That is...

Setu Kulkarni|August 30, 2021

The threat of cyberattacks continues to rise unabated, and Washington is taking urgent notice. The recent attack on the Colonial...

Cody Beers|August 26, 2021

Server Misconfiguration – 2021 On August 15th, 2021, Vice reported that a hacker had breached multiple T-Mobile servers, affecting between...

Lauren Johnson|August 24, 2021

Application security is becoming an increasingly top of mind issue for the average person. High-profile breaches are happening more frequently,...

Security Specialist|August 19, 2021

Operationalizing the Modern AppSec Framework Whether you’ve been following our 3-Part Summer webinar series or you’re just now joining us,...

Lauren Johnson|August 17, 2021

Everyone in the world should be cyber-aware to a basic level, but shouldn’t the developers creating applications be well versed...

Security Specialist|August 13, 2021

The NTT Application Security team intrepidly traveled to Las Vegas to attend the 2021 edition of Black Hat USA. While...

Security Specialist|August 4, 2021

In the weeks leading up to Black Hat, there has been no shortage of news impacting the security industry. From...

Lauren Johnson|July 30, 2021

NTT Application Security has been monitoring and reporting on the state of application security monthly since January 2021. Over the...

Lauren Johnson|July 21, 2021

The Black Hat USA Conference is back in 2021—both in-person and virtually—and we’re beyond excited to see everyone next month...

Cody Beers|July 15, 2021

McDonalds, Wegman’s, medical industry victimized by data breaches McDonald’s Get Bit The fast-food giant was hit with a data breach...

Security Specialist|July 14, 2021

Organizations need to develop and deliver secure applications fast. Unfortunately, the traditional software development lifecycle (SDLC) paradigm no longer works...

Michael Fillers|July 13, 2021

It’s one of the most common phrases in all sports, and rightly so. Take a look at any championship team...

Craig Hinkley|July 1, 2021

As you may already know, WhiteHat Security was acquired by NTT Security in July of 2019. Over the past two...

Danny Thomas|June 28, 2021

A new report published this month by NTT’s Global Threat Intelligence Center (GTIC) is shedding new light on the Colonial...

Chris Marsh|June 23, 2021

Hop in the DeLorean. It’s time to go DAST—to the Future! In WhiteHat’s latest white paper—DAST to the Future: Shifting...

Lauren Johnson|June 22, 2021

Over the last 6 months, WhiteHat has been tracking some key application security statistics alongside the fast-evolving threat landscape. In...

Security Specialist|June 3, 2021

This morning we released the first episode of our new “Security in the Fast Lane” podcast series. This series provides...

Danny Thomas|May 31, 2021

Today is Memorial Day—a day to honor those who’ve served in America’s armed forces, remember those we’ve lost, and celebrate...

Chris Marsh|May 28, 2021

Just when we thought we had seen the worst when April’s news broke of Facebook and Clubhouse breaches, we were...

Chris Marsh|May 27, 2021

The ransomware attack on the Colonial Pipeline sent shockwaves through the security industry and American society alike. In this month’s...

Chris Marsh|May 18, 2021

In case you (virtually) missed us at RSAC 2021, we are thrilled to announce that WhiteHat has been recognized as...

Lauren Johnson|May 17, 2021

As we head into RSA Conference 2021, memories of the event last year come into clearer focus. We remember when...

Cody Beers|May 12, 2021

Going back a decade, credit reporting giant Experian has been the target of several major leaks and breaches. There was...

Chris Marsh|May 11, 2021

We live in a world where only three things are certain: death, taxes and breaches. Nearly every day, WhiteHat’s team...

Cody Beers|April 28, 2021

In January of this year, Ubiquiti notified its customers that there had been a breach affecting part of their IT...

Chris Marsh|April 27, 2021

It’s an exciting day at WhiteHat with the launch of Attack Surface Management powered by Bit Discovery – an innovative...

Chris Marsh|April 26, 2021

Each month, the AppSec Stats Flash reflects on the evolving threat landscape, tracks key AppSec metrics on an ongoing basis...

Eric Sheridan|April 20, 2021

According to Postman, the development and adoption of APIs continues to skyrocket due to shifts in consumer, architecture and infrastructure...

Cody Beers|April 13, 2021

It has been a little over three months since the SolarWinds Supply-Chain Attack was first discovered, but the full impact...

Chris Marsh|April 1, 2021

Joseph Feiman, Chief Strategy Officer at WhiteHat Security, has been named a finalist in the 2021 SC Awards for Security...

Chris Marsh|March 25, 2021

AppSec Stats Flash returns this month with today’s release of Vol. 3 — you can stream the podcast below and...

Andrew Bolster|March 18, 2021

Beneath the cynicism, hyperbole, market-making and FUD; the strategic importance of AI in Cybersecurity is only constrained by us ‘meatbags’. Being...

Security Specialist|March 8, 2021

According to the Women in Cybersecurity Report by ISC, women working in cybersecurity currently account for about one-quarter (24%) of...

Shweta Khare|February 16, 2021

What are Business Logic Assessments and how are they Different from Pen Tests? Business Logic Assessments (BLAs) are manual assessments...

Shweta Khare|January 28, 2021

To accept cookies or to not accept cookies, that is the question. Find yourself ignoring that relentless cookie consent banner?...

Shweta Khare|January 12, 2021

2020 saw most businesses hastily pivot to digital business models which makes almost every industry more vulnerable to cyberattacks than...

NTT Application Security|December 10, 2020

Digital transformation has morphed from a competitive advantage to a necessity for business survival. As applications are produced faster and...

Shweta Khare|November 30, 2020

November 30th is National Computer Security Day reminding people to take ownership of their online presence and identity. We are...

Rachel Weikum|November 17, 2020

Women make up 47 percent of the workforce in America yet hold only 26 percent of technology roles. This indentation...

Craig Hinkley|November 10, 2020

Veterans Day is an important day set aside to honor and show appreciation for ALL who have served in the...

Shweta Khare|November 4, 2020

The Pharmaceutical Industry is Heavily Targeted During the Global Crisis During the current pandemic, cybercriminals are specifically targeting healthcare, pharmaceutical,...

Rachel Weikum|October 27, 2020

Our CEO, Craig Hinkley, and our VP of Strategy, Setu Kulkarni, kicked off our support for National Cybersecurity Awareness Month...

Craig Hinkley|October 15, 2020

On November 3rd, one of the most critical decisions in this country will be made, a collective decision made by...

Setu Kulkarni|October 14, 2020

With certain measures in place, organizations can defer intrusions and respond quickly when they occur By Setu Kulkarni, VP, Strategy...

Shweta Khare|September 30, 2020

Applications are the driving force of this new world economy, however, security teams are frustrated and overwhelmed as they struggle...

Security Specialist|September 29, 2020

Continuing to raise awareness about the importance of cybersecurity across our nation is what National Cybersecurity Awareness Month (NCSAM) is...

Shweta Khare|September 10, 2020

Growing Cyber Threats to the Financial Industry As highly regulated industries, much is at stake for banks and financial services...

Security Specialist|September 8, 2020

WHAT: WhiteHat Security, an independent, wholly owned subsidiary of NTT Ltd. and a leading application security provider, will present a...

Judy Sunblade|August 27, 2020

Automation can help narrow the gap between security needs and security resources Most mobile applications fail critical security tests. Quite...

Kashif Hafeez|July 21, 2020

At the intersection of digital transformation The last few months have been unprecedented times for all of us. Individuals, organizations,...

NTT Application Security|May 12, 2020

As your trusted partner in application security, we are committed to delivering the experience you know and trust in an...

Craig Hinkley|May 5, 2020

Gartner just published its 2020 Magic Quadrant for Application Security Testing (AST), and we’re pleased to be named a Leader!...

Anthony Bettini|March 31, 2020

In application security, so often the cause of vulnerabilities can be traced to the development process. It’s the nature of...

Craig Hinkley|March 30, 2020

In 2018, nearly a quarter of the American workforce was already working remotely. While we’ve had available technology to support...

Shweta Khare|March 17, 2020

“Russian hackers accessed voter databases in two Florida counties prior to the 2016 presidential elections.” 1 “It only took a...

Anthony Bettini|March 11, 2020

The WhiteHat Security team recently returned from the RSA Conference in San Francisco. This year’s theme was “The Human Element,” emphasizing...

Jessica Marie|March 9, 2020

International Women’s Day originated as a way to end discrimination against women around the world. Nowadays, it is recognized as...

Bryan Becker|March 6, 2020

For most Americans, Tax Day (April 15) is a dreaded, recurring deadline (or headache) on the calendar that many will...

Bryan Becker|March 5, 2020

The WhiteHat Security team has just returned from another successful RSA Conference in San Francisco. Focused on ‘the human element’...

Anthony Bettini|March 3, 2020

In recent weeks, news broke that Docker registry misconfigurations could have exposed countless organizations to data theft and supply-chain attacks,...

NTT Application Security|February 25, 2020

On Jan. 8, we learned that a series of vulnerabilities in the popular social media app TikTok left the personal...

NTT Application Security|February 18, 2020

With the tensions in Iran escalating over the past few weeks, nation-state cyberattacks have been on the forefront of government...

Mark Rogan|February 11, 2020

Applications are quickly becoming a top target for digital adversaries, as more businesses rely on them to drive their revenue...

Shweta Khare|February 4, 2020

Mobile app security can be very challenging. It’s an attack surface that is often an easy entry point for hackers...

Bryan Becker|January 29, 2020

For many people, January is primetime to finally install or deploy new technology like home care gadgets they were gifted...

Craig Hinkley|January 21, 2020

2020 is upon us, and with a new calendar year comes new goals and New Year’s resolutions. As expected, all...

NTT Application Security|January 16, 2020

For decades, nation-state attacks have caused serious havoc across the world, primarily targeting critical infrastructure such as power grids and...

NTT Application Security|January 13, 2020

As we head into 2020, application security remains an essential consideration for every organization operating in this digital era. We’ve...

NTT Application Security|January 6, 2020

The trend to outsource a development project or the development function has been growing in recent years, and for some...

Bryan Becker|December 30, 2019

As 2019 draws to a close and we reflect on our accomplishments and determine how we can improve in the...

Shweta Khare|December 17, 2019

Out of the 350 popular Android apps reviewed, 70% leak sensitive personal data (2019 WhiteHat Security Stats Report findings in...

Bryan Becker|December 9, 2019

With the holiday season now in full swing, retail companies have been readying their stores and websites for the influx...

Shweta Khare|December 5, 2019

A recent study by Zimperium of the world’s leading travel applications to understand how they manage users’ security and privacy...

Eric Sheridan|December 2, 2019

While nearly 75 percent of developers worry about the security of their applications, and 85 percent rank security as very...

Craig Hinkley|November 25, 2019

Whether you’re planning to celebrate Thanksgiving with family, a Friendsgiving with your closest mates or perhaps even a Worksgiving with...

Craig Hinkley|November 14, 2019

It’s that time of year again: the holidays are among us. Soon, millions of us will be on the road...

Craig Hinkley|November 11, 2019

If you work in the public sector, you’ll notice a familiar pause to your work routine this week, as many...

Eric Sheridan|November 6, 2019

Each November, National Stress Awareness Day is recognized on the first Wednesday of the month and aims to identify and...

Shweta Khare|November 4, 2019

The State of Data Breaches in the Healthcare Industry This decade has seen an unprecedented number of connected systems and...

NTT Application Security|October 31, 2019

October is known for being the “spookiest” of all the months. While there’s always debate on if ghosts, ghouls and...

Bryan Becker|October 24, 2019

Artificial intelligence (AI) is a bit of a buzzword, and it has been thrown around quite a bit in the...

Security Specialist|October 16, 2019

The modern-day developer faces an inordinate amount of challenges daily. Between constantly fighting to create the most innovative apps to...

NTT Application Security|October 11, 2019

October marks the 16th annual National Cyber Security Awareness Month (NCSAM). This collaborative effort between government and industry has never...

Security Specialist|October 3, 2019

A collaborative effort between government and industry, National Cybersecurity Awareness Month (NCSAM) is observed every October in an effort to...

NTT Application Security|October 1, 2019

As we discussed in part 1 of this blog series, application security issues are becoming the first and foremost cause...

Joseph Feiman|September 26, 2019

Whether it was the millions of users left vulnerable by Fortnite, or hackers gaining access to Dunkin’ customer accounts, 2019...

Security Specialist|September 24, 2019

Recently, there has been a constant upward trajectory in spending on IT security, and there are no signs of that...

Joseph Feiman|September 19, 2019

If businesses hadn’t already woken up to the financial clout that’s now in the hands of the world’s data protection...

Francisco Cardenas|September 17, 2019

“The customer is always right,” is the go-to customer service phrase originally coined by Harry Gordon Selfridge in London in...

Joseph Feiman|September 12, 2019

When British Airways was informed it was facing a fine of £183 million by the UK’s Information Security Commissioner (ICO)...

Oscar Tovar|September 10, 2019

Server-side request forgery (SSRF) has been in the news recently for causing mainstream data breaches impacting hundreds of millions of...

NTT Application Security|September 5, 2019

More and more, businesses today are staking their success on web and mobile applications. But this explosive rise in the...

Mark Lumpkin|September 3, 2019

Thousands of people every year gather in the desert to be able to attend one of the most captivating events...

Joseph Feiman|August 29, 2019

In the current data compliance and data security climate, empowered regulators are really flexing their muscles. Within the space of...

NTT Application Security|August 26, 2019

Despite women gaining the equal right to vote in 1878 and the U.S. Congress designating Aug. 26 as Women’s Equality...

Craig Hinkley|August 20, 2019

As modern application development trends go, distributed microservices architecture has been one of the most popular and successful in recent...

Setu Kulkarni|August 13, 2019

This is the 14th year that we are publishing our annual WhiteHat Security Application Security Statistics report. Over the years, this...

Shweta Khare|August 8, 2019

Data privacy is all about users’ personal data collected, stored or used by an organization, but are organizations doing enough...

Kashif Hafeez|August 5, 2019

The WhiteHat Security team is seeing a massive shift towards cloud adoption largely driven by organizations looking to reduce cost,...

Mark Rogan|August 1, 2019

“The more things change, the more they stay the same.” This simple, succinct proverb created in the 19th century by French...

Kashif Hafeez|July 23, 2019

If the title on your office door says, ‘Chief Information Security Officer (CISO),’ chances are, your days are consumed with...

Bryan Becker and Simon Whittaker|July 16, 2019

It’s in the nature of cybersecurity that every technology vendor and service provider is vulnerable to security breaches and attacks...

Craig Hinkley|July 9, 2019

Signed, sealed, delivered…WhiteHat Security is happy to announce that the acquisition by NTT Security is now complete! Back in March...

Shilpa Narsikar|July 1, 2019

Recently, I was out on a shopping trip at a department store, and I saw an employee scrambling to help...

Donna Estrin|June 21, 2019

With women staffing less than 20 percent of technology jobs in the United States, despite making up more than half...

Rachel Andrews|June 19, 2019

From a very young age, I had always had a keen interest in technology. I always found myself wanting to...

Joseph Feiman|June 11, 2019

Speed to market has been everything in the software development world. But over time we’ve discovered that speed alone cannot...

Donna Estrin|June 3, 2019

It’s no secret that the gender gap in technology is still an issue today. According to a study by PwC, only...

Ruchika Mishra|May 28, 2019

JavaScript is the programming language used to program the behavior of webpages, including creating interactive features like menus, forms, animations,...

NTT Application Security|May 28, 2019

Cross-Site Request Forgery (CSRF) generates many questions from prospects, customers, partners, and Web application security professionals we work with. The questions...

Wendy Foote|May 28, 2019

Is your organization compliant with the security standards and regulations implemented by your industry, state, or country that are applicable...

Donna Estrin|May 20, 2019

For women in cybersecurity looking to take the next step in their career, navigating that pathway can be challenging. Women...

Debbie Klett|May 14, 2019

In today’s digital economy, time to market is everything. Organizations are expected to release applications and updates on a near-continuous...

Donna Estrin|May 7, 2019

As most people know, there are a lot of moving parts that go into running a cybersecurity company. With products...

Sandeep Potdar|May 3, 2019

In the application security space, customers and prospects tell the same story time and time again: “We set up an...

Sandeep Potdar|April 25, 2019

Software composition analysis (SCA) allows organizations to identify third-party and open source components that have been integrated into all applications,...

Matt Handler|April 11, 2019

Everyone knows that there are two things that are certain in life: death and taxes. However, in recent years as...

Joseph Feiman|April 9, 2019

The popularity of reusable software components has soared throughout the developer community in recent years, largely due to the convenience...

Eric Sheridan|April 1, 2019

It Gets Worse Before it Gets Better For every 100KLOC, a monolithic application will have an average of 39 vulnerabilities,...

Carla Wasko|March 26, 2019

There’s been much public debate in the tech industry around a growing shortage of qualified tech talent that’s making it...

NTT Application Security|November 21, 2018

Shivajee Samdarshi|September 13, 2018

Ryan O'Leary|October 25, 2017

Ryan O'Leary|October 23, 2017

Ruchika Mishra|December 1, 2016

Researchers and technologists alike are talking about how blockchain technology is the next big thing across industries from finance to...

Kuskos|January 12, 2016

UPDATE – 4/20/2016 We have our Top 10 list folks! After a lot of coordination, research, voting by the community and...

Ryan O'Leary|May 28, 2015

It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade...

Matt Johansen|March 19, 2015

UPDATE – 3/19, 11:00 a.m PT We have our Top 10 list folks! After weeks of coordination, research, voting by...

Robert Hansen|January 8, 2015

Naenara Browser is the DPRK’s version of Firefox that comes built into Red Star OS, the official operating system of...

Robert Hansen|February 10, 2014

Every few months I find myself looking up the syntax of relatively obscure, common HTTP headers. Regularly I...

Robert Hansen|December 13, 2013

A long time ago I began to compile a list of lesser known but still very scary choke points on...

Carlos Munoz|December 4, 2013

There’s a problem with the reflective Cross Site Scripting (“XSS”) filter in Microsoft’s Internet Explorer family of browsers that extends...

Robert Hansen|July 13, 2013

I think a lot of web designers and web masters have almost no idea what are the most important things...

Kuskos|June 27, 2013

It appears that an unconventional method of Cross Site Request Forgery may be made exploitable by using Firefox versions 21...

Zach Jones|May 28, 2013

The web waits for no one, not even W3C. While the HTML5 specification isn’t finalized, and HTML5 Storage has even...

Robert Hansen|May 21, 2013

[This interview openly discusses criminal activities from the perspective of an admitted criminal. You may find this content distressing, even...

Kuskos|May 21, 2013

The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking...

Jeremiah Grossman|February 7, 2013

Two weeks ago I was in the midst of a nightmare. I’d forgotten a password. Not just any password. THE...

Jim Manico|January 11, 2013

JSON (JavaScript Object Notation) is quickly becoming the de-facto way to transport structured text data over the Web, a job also...

Jeremiah Grossman|November 7, 2012

Whether we like it or not, whether we want them to or not, whether it’s legal or not, there are...

johnmelton|August 28, 2012

What is it and why should I care? Session fixation, by most definitions, is a subclass of session hijacking. The...

Jeremiah Grossman|June 18, 2012

X-Frame-Options (XFO) is an HTTP response header, mostly used to combat Clickjacking, that informs a Web browser if the page...

johnmelton|June 7, 2012

What is it and why should I care? Content Security Policy (CSP) is a new(ish) technology put together by Mozilla...

johnmelton|May 31, 2012

What is it and why should I care? Cross-Site Request Forgery (CSRF) is an attack where victims are forced to...

johnmelton|May 24, 2012

What is it and why should I care? HTTP Strict Transport Security (HSTS) is a new(ish) technology that allows an...

johnmelton|May 17, 2012

What is it and why should I care? Session cookies (or, to Java folks, the cookie containing the JSESSIONID) are...

johnmelton|May 10, 2012

What is it and why should I care? Clickjacking prevention is a type of “Web framing” or “UI redressing” attack....

johnmelton|April 6, 2012

What is it and why should I care? X-Frame-Options (moving towards just Frame-Options in a draft spec – dropping the...

Douglass Clem|March 30, 2012

It seems that many penetration testers rarely test cryptographic vulnerabilities. I’ve always been interested in cryptography, so I’ve made it...

johnmelton|March 23, 2012

Please forgive the title, but today’s topic is something to be wary of if you write (or use) any access...

johnmelton|March 16, 2012

What is it and why should I care? Session cookies (or, to Java folks, the cookie containing the JSESSIONID) are...

johnmelton|March 9, 2012

What is it and why should I care? Error or exception handling is an important, but often ignored, part of...

Jeremiah Grossman|February 8, 2012

A Single-Site Browser (SSB) is a highly restricted Web browser only capable of connecting to a single website. A “website”...

Jason Calvert|December 14, 2011

WhiteHat Security Vulnerability Advisory Affected Product: scalable Inman Flash Replacement (sIFR) version 3 Vulnerability: Cross Site Scripting CVE ID: ...
