As another year comes to a close, application security remains more important than ever; it is a must have. With virtually every business using applications to grow their businesses, the vulnerabilities and risks associated with these business-enabling applications continue to grow exponentially.

2018 has been a record year for security breaches – but that’s not news. Inevitably, each year has more security incidents than the previous year, and the pattern is likely to continue for the foreseeable future.

Since it’s Thanksgiving, WhiteHat wondered, what are hackers giving thanks for? The simplest answers are Google, gigabit internet speeds, and an endless supply of caffeine. But the number one thing that hackers are overwhelmingly grateful for is DATA, especially passwords stored in plain or cleartext.

With Black Friday and Cyber Monday quickly approaching, the deals have already begun. 2018 is expected to be yet another year for record-setting sales figures, continuing the growth of the holiday from its induction.

With the proliferation of the mobile workforce in recent years, policies such as “bring your own device” (BYOD) have exploded in popularity - leading to the next stage of the cycle: “bring your own apps” (BYOA).

Since 2013, WhiteHat Security has provided customers the ability to include a dynamically generated trust mark on their companies’ websites, indicating that WhiteHat manages their sites’ security.

In a representative democracy like the United States, voting is a fundamental right, privilege and civic duty. The infrastructure of our electoral process is critical to governing in the U.S., and election security should be of the utmost importance. But is it easy to hack an election?

The news that private equity business Thoma Bravo is to acquire our rivals over at Veracode underlines that the application security space is quickly becoming one of the hottest sectors in the entire security industry.

As discussed last week, many states are failing to take appropriate responsibility - not only to ensure that our voting machines work, but that they’re secure. Is there hope that we can still encourage a change before November? As with anything else, change is often difficult and time consuming.

Election Day 2018 is fast approaching, and when Americans head to the polls, will their votes be secured? That’s the burning question on the minds of many security experts. As important as these midterms maybe, the security and integrity of our American voting systems should also be at the forefront of the conversation.

We’re into week four of National Cyber Security Awareness Month (NCSAM), which focuses last but definitely not least on the importance of securing our country’s critical infrastructure. In the U.S., it’s comprised of 16 sectors that along with other networks and systems, support the supply of food, water, financial services, public health ....

There's no doubt that IT security is a critical issue for many businesses. High profile examples of data breaches involving the likes of Facebook, British Airways, Heathrow Airport, Google+ and the U.S. State Department, merely serve to reinforce our fears and anxieties around cybersecurity.

October is National Cyber Security Awareness Month, and this week’s theme is centered around education, training and careers in the field. Therefore, it was the perfect time to catch up with WhiteHat Security’s CEO Craig Hinkley to get some inside advice for anyone looking to rise through the ranks within the cybersecurity industry.

A single-page application (SPA) is a website that interacts with a user by dynamically rewriting the current page, rather than loading entire new pages directly from a server. This SPA approach avoids interruption between successive pages, which makes the application behave more like a desktop app than a traditional website.

As the chief scientist at WhiteHat Security, I oversee all research and development for the WhiteHat Sentinel product line, defining and driving the underlying technology.

Today, we released the results of our newest threat research, compiled in the 2018 Application Security Statistics report, “The Evolution of the Secure Software Lifecycle.”

October marks the 15th annual National Cyber Security Awareness Month. What began as a collaborative effort between government and industry has possibly never been more relevant than now, serving as a reminder to not only be more conscious of cybersecurity threats, but how we as individuals and businesses can proactively mitigate cyberthreats.

Facebook announced this morning that between 50 and 90 million accounts have been breached due to unnamed hackers stealing the access tokens of other users ...

Earlier this month, we celebrated National Coding Week. To mark the occasion, we caught up with Abishek Ramasubramanian, one of our coders. He told us about his career path, gave us an insight into a working day as a WhiteHat Security software engineer and offered some practical advice for anyone thinking of becoming a coder.

There have been a few high-profile breaches in the news lately related to Magecart, including British Airways, Ticketmaster, and Feedify. For those who don’t know, Magecart is a hacker group whose modus operandi involves skimming credit card details with code tailored to the sites they infect ...

There is no 100 percent secure, completely flawless computer program, yet security practices are often an after thought in programming. But even with the best security practices 'baked into' the software life cycle (SLC), there is still the possibility of a zero-day vulnerability existing in the code.

Now in its fifth year, National Coding Week has gone from strength to strength. Founded in the UK to help people improve their digital literacy and aiming to fill the growing IT skills gap, it is now a truly global event with huge amounts of interest from the press and exposure across social media platforms.

In order to fully assess a client website, it needs to be first fully mapped and scanned--with all links, forms, APIs, etc. discovered. Currently, a lot of human time and resources are dedicated to these tasks. Using ML, we could potentially speed up this process even more, further decreasing time to value for our clients.

There is no doubt that AI and ML offer major advantages for modern cybersecurity applications compared to older, automated versions. The ability for applications to learn based on experience and use the knowledge to inform their behavior when confronted with similar issues in the future delivers a significant benefit.

WhiteHat is positioned extremely well to capitalize on recent developments in ML. ML allows us to make sense of the data, train a set of expert networks on this data, and then use these networks to supplement our human element.

New Sentinel Dynamic enhancements enable highest level of accuracy in shortest timeframe, make real-time risk assessment a reality and empower developers to create secure web applications at the fast pace demanded by modern businesses

On August 22, 2018, Apache Struts announced a security vulnerability and patch which remediates a critical remote code execution vulnerability. Apache Struts is a Java-based web application platform used by an estimated 65 percent of Fortune 100 companies. With this latest vulnerability, attackers can exploit a web application...

Learn what constitutes an ideal static analysis (SAST) solution, the importance of depth of coverage, and some causes of false positives – how they come up, why they happen, and what can be done about them.

Blacklisting is not the best or only way to avoid an XSS attack. This web application penetration scenario shows how an attacker could circumvent this safety feature.

As Vulnerability Management systems move from CVSS v2 to v3, WhiteHat scoring keeps up.