web application security
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)
A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …
Blocked DDoS events up 75% in the first nine months of 2021
Radware has published results from its report which provides an overview of the DDoS attack landscape, application attack developments, and unsolicited network scanning …
Organizations making security trade-offs in the push to innovate
The vast majority of organizations are increasing their investment in application security this year, but they continue to struggle to fully embrace secure innovation. A …
OWASP Top 10 2021: The most serious web application security risks
The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk. How is the list compiled? …
Application security tools ineffective against new and growing threats
A study by Fastly and ESG, based on insights from information security and IT professionals representing hundreds of organizations globally, revealed growing concerns around …
DevOps didn’t kill WAF, because WAF will never truly die
The web application firewall (WAF) is dead, they say, and DevOps is the culprit, found over the body in the server room with a blade in its hand and splattered code on its …
Even though critical, web application security is getting less attention
As organizations shifted focus to support remote work and business continuity amid the challenges of 2020, web application security suffered, according to an Invicti Security …
Getting your application security program off the ground
IT and security professionals are increasingly concerned about attackers compromising their mission-critical applications. According to a recent Ponemon study, the reasons for …
Theory and practice of web application security efforts in organizations worldwide
75% of executives believe their organization scans all web applications for security vulnerabilities, while nearly 50% of security staff say they don’t, a Netsparker …
Meetup vulnerabilities enabled group takeovers, payment redirections
Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over …
Biomedical orgs working on COVID-19 vaccines open to cyber attacks
In a recently released report by the UK National Cyber Security Centre (NCSC), whose findings have been backed by Canada’s Communications Security Establishment (CSE) and the …
40% of security pros say half of cyberattacks bypass their WAF
There are growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their Web Application Firewall (WAF), Neustar reveals. …
Featured news
Resources
Don't miss
- CISA: Use Signal or other secure communications app
- Another NetWalker affiliate sentenced to 20 years in prison
- Why cybersecurity is critical to energy modernization
- Cryptocurrency hackers stole $2.2 billion from platforms in 2024
- CISA orders federal agencies to secure their Microsoft cloud environments