Blacklisting is not the best or only way to avoid an XSS attack. This web application penetration scenario shows how an attacker could circumvent this safety feature.
As Vulnerability Management systems move from CVSS v2 to v3, WhiteHat scoring keeps up.
Testing Single Page Applications for Broken Access Control Policies
Bank Websites and insufficient process validation – A recipe for Fraud
Angular Frameworks on a TypeScript back end: Security improvements for API calls with a warning
Learn about new self-service features: Associated Host Names & BLA Scheduling.
As web applications become more complex through the use of various technologies, so does the attack surface of the applications that implement them. Applications that use JSON to populate application content are just one example.
Thanks to everyone who attended the first Crash Course Series webinar. As we ran out of time before answering all of the questions at the end (and thank you all for so much participation!), I thought I’d pull the unanswered ones and reply to them here in longer form than the time allotted.
As more and more organizations embrace agile, fast-waterfall, and DevOps methodologies, a key cultural shift is happening towards bringing security closer to developers.
Learn about Facebook, APIs, and Application Data Mining from the product marketing team at WhiteHat Security.
The building blocks essential to digital transformation for a safe digital life entail securing APIs and Microservices - learn more from Craig Hinkley, CEO of WhiteHat Security.
In 2017, we made a concerted effort to provide more helpful resources to the application security space, and we’re thrilled that these assets were of value to so many people and organizations, across a multitude of industries.
2018 Winter Olympic Games hit with destroyer malware during opening ceremony.
That was a great show. But I’m not sure it really taught us anything. Because in today’s scary cyber security climate, it turns out that all of us – the humans – are “the weakest link.”
Software Composition Analysis (SCA) allows you to identify third-party and open source components that have been integrated into all your applications.
I’d like everyone to pause, and in their minds and hearts say thank you to the hundreds of engineers at various hardware, software, and security vendors who spent their holidays working on OS patches, browser patches, cloud roll-outs and distribution of patches for Meltdown and Spectre.
Dust off your Old Glory Insurance policy, ROBOT attack is now a real thing that can happen to you.
2018 is right around the corner, and with the changing of the calendar people naturally gravitate to looking ahead and thinking about everything that will happen in 2018. Security is no different and we often are asked, what’s going to happen in 2018?
The security industry needs unbiased sources of information that share best practices with an active membership body that advocates for open standards. In the AppSec world, one of the best is the Open Web Application Security Project (OWASP).
2017 has been a wild ride in the security world. This year we saw several high-profile breaches and cyber-attacks, the most notable being the Equifax breach and the WannaCry malware campaign.
The news was just released that a massive breach hit Uber in October of 2016. The personal information of 57 million Uber users and 7 million Uber drivers was stolen, including names, email addresses and phone numbers.
Black Friday and Cyber Monday are less than a week away and the sales have already begun. As people are hunting for the best deal on that new TV, they often forget about security entirely. So what should we all be worried about when buying items this holiday season and what can we do to stay safe?
Using "HREF with Target" can introduce exploitable weaknesses - learn best practices and preventive measures from secure coding experts.
Week four of National Cyber Security Awareness Month is focused around a career in cyber security.
It’s another day, which means another round of ransomware. This time it’s a ransomware that’s being called ‘Bad Rabbit’, and if the Bad Rabbit infections look familiar, they are.
As you’ve probably read, there is a serious vulnerability in the WPA2-PSK protocol that almost all WiFi traffic uses. This vulnerability is being called ‘KRACK’, which stands for Key Reinstallation Attack.
While it’s difficult to get permission from one’s corporate communications team or legal department to chat with vendors, I was able to secure an interview with one of our financial services customers who uses both dynamic and source code scanning.
Week three of National Cyber Security Awareness Month is focused around connected devices.
WhiteHat Sentinel Dynamic is the dynamic application security testing solution that helps you understand, prioritize, and mitigate your web app vulnerabilities. Now is your chance to take advantage of this application security platform for free.