Please turn on your JavaScript for this page to function normally.

web application security

Next.js
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …

key
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys

A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the …

Karl Mattson
Tackling software vulnerabilities with smarter developer strategies

In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can …

SafeLine WAF
SafeLine: Open-source web application firewall (WAF)

SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. “SafeLine WAF was created to protect web …

Tony Perez
AI’s impact on the future of web application security

In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed by APIs, …

industry
Web-based PLC malware: A new potential threat to critical infrastructure

A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced …

Apache Struts
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code …

3CX
3CX compromise: More details about the breach, new PWA app released

3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting …

free cybersecurity resources
7 free cybersecurity resources you need to bookmark

CodeSec CodeSec is a CLI based tool which brings Contrast’s enterprise-level security testing right to your laptop. It allows you to run real-time SAST or Serverless …

code
Teams that shift security left and focus on attackability ship more secure code

ShiftLeft released its second annual AppSec Progress Report documenting critical trends in application security and how organizations are shifting security left to deal with …

fire
WAFs can’t give organizations the security they need

Cymulate reveals that web application firewalls are the least effective security solutions, making them prime target for adversaries and high risk points for organizations. …

mobile apps
Web app attacks are skyrocketing, it’s time to protect APIs

Web app attacks against UK businesses have increased by 251% since October 2019, putting both organizations and consumers at risk, an Imperva reserach reveals. In a study of …

Don't miss

Cybersecurity news