AppSec Stats Flash: 2021 Year in Review is out now. This edition of the AppSec Stats Flash report takes a comprehensive look back at 2021...
This blog was co-authored by Eric Rodriguez, Sarah Perkins, and Vishrut Iyengar – NTT AppSec Security Staff. Spring is upon...
If we are to “containerize all the things”, as one meme put it, then it would be natural to leverage...
As of last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388. This...
May 5th, 2022 is World Password Day and this year, more than years past, it’s a really important day. It’s...
Today, we are thrilled to share the exciting news that Synopsys has signed a definitive agreement to acquire WhiteHat Security...
Accountants aren’t the only ones putting in overtime during tax season. It’s also the busiest time of the year for...
Due to the sensitive and proprietary information businesses within this industry store and create, it’s not surprising that manufacturing organizations...
Developer Spotlight: Protecting Your Site from Server Side Request Forgery (SSRF) The security landscape is always changing. As software developers,...
“Since March began thirty days and two,”[1] hackers’ distinctive humorous style has continually regaled. Whether you’re a fan of obscure...
UPDATE: April 12, 2022 As a summary and update to this evolving situation, the NTT Application Security teams have...
In honor of St. Patrick’s Day, NTT Application Security would like to celebrate our employees at the Belfast office. So,...
Two weeks ago, the world watched in horror as Russia launched an unprovoked attack on Ukraine, a democratically elected, sovereign...
The observation of International Women’s Day has gone on since the early 1900s. Since its beginnings, the world has experienced...
We understand that Heartbleed can lead to heartbreak and potential reputational damage. And a good application security solution should be...
The last year has been marked by the rapid progress of transformational DevOps models. IT teams are grappling with how...
The rate at which Data Privacy Laws in the U.S., Europe, and other countries are evolving is not slowing down....
As Log4j and other zero-day vulnerabilities increasingly disrupt digital business operations around the world, enterprises’ public-facing web applications and APIs...
The onset of the pandemic caused a high unemployment rate, resulting in layoffs that impacted various roles across industries. With...
For more than 20 years, the WhiteHat brand name has been synonymous with application security innovation. Today, we’re unveiling what...
Updates from NTT Application Security Updated January 7, 2022 – CVE-2021-44228 by Drew Streib – Head of Architecture and Operations...
It’s a historic day at NTT Application Security. For just over 20 years, we have served as pioneers in the...
The biggest shopping time of the year is fast approaching, and for consumers this year it means shopping primarily online....
What would you do if an online retailer exposed your credit card or personal information due to a security breach?...
We’re thrilled to announce that this month, NTT Application Security was recognized as a Gartner Peer Insights Customers’ Choice for...
Over the last 10 months of AppSec Stats Flash, a few trends have come to light. Breach exposure by applications...
Welcome to week four of Cybersecurity Awareness Month! The events of the past two years have accelerated a near complete...
As we continue to celebrate National Cybersecurity Awareness Month 2021, it’s important to highlight the ever-increasing role that women are...
Phishing is a type of social engineering attack where the attacker sends malicious links or attachments, usually via email, in...
In this month’s Security in the Fast Lane podcast, Setu Kulkarni, VP of Corporate Strategy & Business Development for NTT...
Welcome to Cybersecurity Awareness Month 2021! It’s been a rollercoaster of a year in cybersecurity, with the workforce embracing a...
September marks the end of summer and the start of another school year. With some schools continuing to focus on...
How Digitally Safe is Back to School? The pandemic forced many industries to accelerate their adoption of technology in order...
In case you missed the news, NTT Application Security welcomed Vlad Nisic to the team as the company’s first VP...
DevOps has not yet become DevSecOps, leaving DevOps unsecured. Everyone speaks of it, but very few organizations have mastered it....
A month ago, NTT released an Intelligence Report from the Global Threat Intelligence Center (GTIC). Highlighted in that report was...
With Black Hat 2021 now in the rear-view mirror, August netted out to be another busy month in cybersecurity news thanks...
“There are known knowns. There are things we know we know. We also know there are known unknowns. That is...
The threat of cyberattacks continues to rise unabated, and Washington is taking urgent notice. The recent attack on the Colonial...
Server Misconfiguration – 2021 On August 15th, 2021, Vice reported that a hacker had breached multiple T-Mobile servers, affecting between...
Application security is becoming an increasingly top-of-mind issue for the average person. High-profile breaches are happening more frequently,...
Operationalizing the Modern AppSec Framework Whether you’ve been following our 3-Part Summer webinar series or you’re just now joining us,...
Everyone in the world should be cyber-aware to a basic level, but shouldn’t the developers creating applications be well versed...
The NTT Application Security team intrepidly traveled to Las Vegas to attend the 2021 edition of Black Hat USA. While...
In the weeks leading up to Black Hat, there has been no shortage of news impacting the security industry. From...
NTT Application Security has been monitoring and reporting on the state of application security monthly since January 2021. Over the...
The Black Hat USA Conference is back in 2021—both in-person and virtually—and we’re beyond excited to see everyone next month...
McDonalds, Wegman’s, medical industry victimized by data breaches McDonald’s Get Bit The fast-food giant was hit with a data breach...
Organizations need to develop and deliver secure applications fast. Unfortunately, the traditional software development lifecycle (SDLC) paradigm no longer works...
It’s one of the most common phrases in all sports, and rightly so. Take a look at any championship team...
As you may already know, WhiteHat Security was acquired by NTT Security in July of 2019. Over the past two...
A new report published this month by NTT’s Global Threat Intelligence Center (GTIC) is shedding new light on the Colonial...
Hop in the DeLorean. It’s time to go DAST—to the Future! In WhiteHat’s latest white paper—DAST to the Future: Shifting...
Over the last 6 months, WhiteHat has been tracking some key application security statistics alongside the fast-evolving threat landscape. In...
This morning we released the first episode of our new “Security in the Fast Lane” podcast series. This series provides...
Today is Memorial Day—a day to honor those who’ve served in America’s armed forces, remember those we’ve lost, and celebrate...
Just when we thought we had seen the worst when April’s news broke of Facebook and Clubhouse breaches, we were...
The ransomware attack on the Colonial Pipeline sent shockwaves through the security industry and American society alike. In this month’s...
In case you (virtually) missed us at RSAC 2021, we are thrilled to announce that WhiteHat has been recognized as...
As we head into RSA Conference 2021, memories of the event last year come into clearer focus. We remember when...
Going back a decade, credit reporting giant Experian has been the target of several major leaks and breaches. There was...
We live in a world where only three things are certain: death, taxes and breaches. Nearly every day, WhiteHat’s team...
In January of this year, Ubiquiti notified its customers that there had been a breach affecting part of their IT...
It’s an exciting day at WhiteHat with the launch of Attack Surface Management powered by Bit Discovery – an innovative...
Each month, the AppSec Stats Flash reflects on the evolving threat landscape, tracks key AppSec metrics on an ongoing basis...
According to Postman, the development and adoption of APIs continues to skyrocket due to shifts in consumer, architecture and infrastructure...
It has been a little over three months since the SolarWinds Supply-Chain Attack was first discovered, but the full impact...
Joseph Feiman, Chief Strategy Officer at WhiteHat Security, has been named a finalist in the 2021 SC Awards for Security...
AppSec Stats Flash returns this month with today’s release of Vol. 3 — you can stream the podcast below and...
Beneath the cynicism, hyperbole, market-making and FUD, the strategic importance of AI in Cybersecurity is only constrained by us ‘meatbags’. Being...
According to the Women in Cybersecurity Report by ISC, women working in cybersecurity currently account for about one-quarter (24%) of...
What are Business Logic Assessments and how are they Different from Pen Tests? Business Logic Assessments (BLAs) are manual assessments...
To accept cookies or to not accept cookies, that is the question. Find yourself ignoring that relentless cookie consent banner?...
2020 saw most businesses hastily pivot to digital business models, which makes almost every industry more vulnerable to cyberattacks than...
Digital transformation has morphed from a competitive advantage to a necessity for business survival. As applications are produced faster and...
November 30th is National Computer Security Day, reminding people to take ownership of their online presence and identity. We are...
Women make up 47 percent of the workforce in America yet hold only 26 percent of technology roles. This indentation...
Veterans Day is an important day set aside to honor and show appreciation for ALL who have served in the...
The Pharmaceutical Industry is Heavily Targeted During the Global Crisis During the current pandemic, cybercriminals are specifically targeting healthcare, pharmaceutical,...
Our CEO, Craig Hinkley, and our VP of Strategy, Setu Kulkarni, kicked off our support for National Cybersecurity Awareness Month...
On November 3rd, one of the most critical decisions in this country will be made, a collective decision made by...
With certain measures in place, organizations can defer intrusions and respond quickly when they occur By Setu Kulkarni, VP, Strategy...
Applications are the driving force of this new world economy; however, security teams are frustrated and overwhelmed as they struggle...
Continuing to raise awareness about the importance of cybersecurity across our nation is what National Cybersecurity Awareness Month (NCSAM) is...
Growing Cyber Threats to the Financial Industry As highly regulated industries, much is at stake for banks and financial services...
WHAT: WhiteHat Security, an independent, wholly owned subsidiary of NTT Ltd. and a leading application security provider, will present a...
Automation can help narrow the gap between security needs and security resources Most mobile applications fail critical security tests. Quite...
At the intersection of digital transformation The last few months have been unprecedented times for all of us. Individuals, organizations,...
As your trusted partner in application security, we are committed to delivering the experience you know and trust in an...
Gartner just published its 2020 Magic Quadrant for Application Security Testing (AST), and we’re pleased to be named a Leader!...
In application security, so often the cause of vulnerabilities can be traced to the development process. It’s the nature of...
In 2018, nearly a quarter of the American workforce was already working remotely. While we’ve had available technology to support...
“Russian hackers accessed voter databases in two Florida counties prior to the 2016 presidential elections.” 1 “It only took a...
The WhiteHat Security team recently returned from the RSA Conference in San Francisco. This year’s theme was “The Human Element,” emphasizing...
International Women’s Day originated as a way to end discrimination against women around the world. Nowadays, it is recognized as...
For most Americans, Tax Day (April 15) is a dreaded, recurring deadline (or headache) on the calendar that many will...
The WhiteHat Security team has just returned from another successful RSA Conference in San Francisco. Focused on ‘the human element’...
In recent weeks, news broke that Docker registry misconfigurations could have exposed countless organizations to data theft and supply-chain attacks,...
On Jan. 8, we learned that a series of vulnerabilities in the popular social media app TikTok left the personal...
With the tensions in Iran escalating over the past few weeks, nation-state cyberattacks have been on the forefront of government...
Applications are quickly becoming a top target for digital adversaries, as more businesses rely on them to drive their revenue...
Mobile app security can be very challenging. It’s an attack surface that is often an easy entry point for hackers...
For many people, January is primetime to finally install or deploy new technology like home care gadgets they were gifted...
2020 is upon us, and with a new calendar year comes new goals and New Year’s resolutions. As expected, all...
For decades, nation-state attacks have caused serious havoc across the world, primarily targeting critical infrastructure such as power grids and...
As we head into 2020, application security remains an essential consideration for every organization operating in this digital era. We’ve...
The trend to outsource a development project or the development function has been growing in recent years, and for some...
As 2019 draws to a close and we reflect on our accomplishments and determine how we can improve in the...
Out of the 350 popular Android apps reviewed, 70% leak sensitive personal data (2019 WhiteHat Security Stats Report findings in...
With the holiday season now in full swing, retail companies have been readying their stores and websites for the influx...
A recent study by Zimperium of the world’s leading travel applications to understand how they manage users’ security and privacy...
While nearly 75 percent of developers worry about the security of their applications, and 85 percent rank security as very...
Whether you’re planning to celebrate Thanksgiving with family, a Friendsgiving with your closest mates or perhaps even a Worksgiving with...
It’s that time of year again: the holidays are upon us. Soon, millions of us will be on the road...
If you work in the public sector, you’ll notice a familiar pause to your work routine this week, as many...
Each November, National Stress Awareness Day is recognized on the first Wednesday of the month and aims to identify and...
The State of Data Breaches in the Healthcare Industry This decade has seen an unprecedented number of connected systems and...
October is known for being the “spookiest” of all the months. While there’s always debate on whether ghosts, ghouls and...
Artificial intelligence (AI) is a bit of a buzzword, and it has been thrown around quite a bit in the...
The modern-day developer faces an inordinate number of challenges daily. Between constantly fighting to create the most innovative apps to...
October marks the 16th annual National Cyber Security Awareness Month (NCSAM). This collaborative effort between government and industry has never...
A collaborative effort between government and industry, National Cybersecurity Awareness Month (NCSAM) is observed every October in an effort to...
As we discussed in part 1 of this blog series, application security issues are becoming the first and foremost cause...
Whether it was the millions of users left vulnerable by Fortnite, or hackers gaining access to Dunkin’ customer accounts, 2019...
Recently, there has been a constant upward trajectory in spending on IT security, and there are no signs of that...
If businesses hadn’t already woken up to the financial clout that’s now in the hands of the world’s data protection...
“The customer is always right,” is the go-to customer service phrase originally coined by Harry Gordon Selfridge in London in...
When British Airways was informed it was facing a fine of £183 million by the UK’s Information Security Commissioner (ICO)...
Server-side request forgery (SSRF) has been in the news recently for causing mainstream data breaches impacting hundreds of millions of...
More and more, businesses today are staking their success on web and mobile applications. But this explosive rise in the...
Thousands of people every year gather in the desert to be able to attend one of the most captivating events...
In the current data compliance and data security climate, empowered regulators are really flexing their muscles. Within the space of...
Despite women gaining the equal right to vote in 1878 and the U.S. Congress designating Aug. 26 as Women’s Equality...
As modern application development trends go, distributed microservices architecture has been one of the most popular and successful in recent...
This is the 14th year that we are publishing our annual WhiteHat Security Application Security Statistics report. Over the years, this...
Data privacy is all about users’ personal data collected, stored or used by an organization, but are organizations doing enough...
The WhiteHat Security team is seeing a massive shift towards cloud adoption, largely driven by organizations looking to reduce cost,...
“The more things change, the more they stay the same.” This simple, succinct proverb created in the 19th century by French...
If the title on your office door says ‘Chief Information Security Officer (CISO),’ chances are your days are consumed with...
It’s in the nature of cybersecurity that every technology vendor and service provider is vulnerable to security breaches and attacks...
Signed, sealed, delivered…WhiteHat Security is happy to announce that the acquisition by NTT Security is now complete! Back in March...
Recently, I was out on a shopping trip at a department store, and I saw an employee scrambling to help...
With women staffing less than 20 percent of technology jobs in the United States, despite making up more than half...
From a very young age, I had always had a keen interest in technology. I always found myself wanting to...
Speed to market has been everything in the software development world. But over time we’ve discovered that speed alone cannot...
It’s no secret that the gender gap in technology is still an issue today. According to a study by PwC, only...
JavaScript is the programming language used to program the behavior of webpages, including creating interactive features like menus, forms, animations,...
Cross-Site Request Forgery (CSRF) generates many questions from prospects, customers, partners, and Web application security professionals we work with. The questions...
Is your organization compliant with the security standards and regulations implemented by your industry, state, or country that are applicable...
For women in cybersecurity looking to take the next step in their career, navigating that pathway can be challenging. Women...
In today’s digital economy, time to market is everything. Organizations are expected to release applications and updates on a near-continuous...
As most people know, there are a lot of moving parts that go into running a cybersecurity company. With products...
In the application security space, customers and prospects tell the same story time and time again: “We set up an...
Software composition analysis (SCA) allows organizations to identify third-party and open source components that have been integrated into all applications,...
Everyone knows that there are two things that are certain in life: death and taxes. However, in recent years as...
The popularity of reusable software components has soared throughout the developer community in recent years, largely due to the convenience...
It Gets Worse Before it Gets Better For every 100KLOC, a monolithic application will have an average of 39 vulnerabilities,...
There’s been much public debate in the tech industry around a growing shortage of qualified tech talent that’s making it...
Researchers and technologists alike are talking about how blockchain technology is the next big thing across industries from finance to...
UPDATE – 4/20/2016 We have our Top 10 list, folks! After a lot of coordination, research, voting by the community and...
It has been discovered that OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k are vulnerable to a downgrade...
UPDATE – 3/19, 11:00 a.m. PT We have our Top 10 list, folks! After weeks of coordination, research, voting by...
Naenara Browser is the DPRK’s version of Firefox that comes built into Red Star OS, the official operating system of...
Every few months I find myself looking up the syntax of relatively obscure, common HTTP headers. Regularly I...
A long time ago I began to compile a list of lesser-known but still very scary choke points on...
There’s a problem with the reflective Cross Site Scripting (“XSS”) filter in Microsoft’s Internet Explorer family of browsers that extends...
I think a lot of web designers and web masters have almost no idea what are the most important things...
It appears that an unconventional method of Cross Site Request Forgery may be made exploitable by using Firefox versions 21...
The web waits for no one, not even W3C. While the HTML5 specification isn’t finalized, and HTML5 Storage has even...
[This interview openly discusses criminal activities from the perspective of an admitted criminal. You may find this content distressing, even...
The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking...
Two weeks ago I was in the midst of a nightmare. I’d forgotten a password. Not just any password. THE...
JSON (JavaScript Object Notation) is quickly becoming the de facto way to transport structured text data over the Web, a job also...
Whether we like it or not, whether we want them to or not, whether it’s legal or not, there are...
What is it and why should I care? Session fixation, by most definitions, is a subclass of session hijacking. The...
X-Frame-Options (XFO) is an HTTP response header, mostly used to combat Clickjacking, that informs a Web browser whether the page...
What is it and why should I care? Content Security Policy (CSP) is a new(ish) technology put together by Mozilla...
What is it and why should I care? Cross-Site Request Forgery (CSRF) is an attack where victims are forced to...
What is it and why should I care? HTTP Strict Transport Security (HSTS) is a new(ish) technology that allows an...
What is it and why should I care? Session cookies (or, to Java folks, the cookie containing the JSESSIONID) are...
What is it and why should I care? Clickjacking prevention is a type of “Web framing” or “UI redressing” attack....
What is it and why should I care? X-Frame-Options (moving towards just Frame-Options in a draft spec – dropping the...
It seems that many penetration testers rarely test cryptographic vulnerabilities. I’ve always been interested in cryptography, so I’ve made it...
Please forgive the title, but today’s topic is something to be wary of if you write (or use) any access...
What is it and why should I care? Session cookies (or, to Java folks, the cookie containing the JSESSIONID) are...
What is it and why should I care? Error or exception handling is an important, but often ignored, part of...
A Single-Site Browser (SSB) is a highly restricted Web browser only capable of connecting to a single website. A “website”...
WhiteHat Security Vulnerability Advisory Affected Product: scalable Inman Flash Replacement (sIFR) version 3 Vulnerability: Cross Site Scripting CVE ID: ...