API security risks report exposes Netflix and Wordpress
Monday, November 27, 2023 by Richard Harris
Wallarm, the end-to-end API and app security company, announced the release of its Q3-2023 Wallarm API ThreatStats report. The quarterly report details the surge in threats centered around APIs and uncovers critical vulnerabilities, like injections and API data leaks, that have recently impacted leading firms, including Netflix, VMware, and SAP.
The new report i...
5 mistakes businesses make in application development
Friday, October 23, 2020 by Mayur S Shah
5 Mistakes Businesses Make While Prioritizing Speed Over Security in Application Development
Earlier this year, the Democratic party in Iowa announced its plans to use a smartphone app to calculate and transmit their caucus results. One would think that by using technology to improve the speed of governance, what could possibly go wrong? A lot, apparently. The a...
Most cryptocurrency mobile apps are vulnerable
Thursday, November 30, 2017 by Christian Hargrave
Over 1,300 crypto currencies exist today with over $300 Billion market capitalization. One of the most popular and oldest cryptocurrency - Bitcoin has almost reached $10,000 price after several months of fluctuation, but continuous and steady growth.A wide spectrum of mobile applications for cryptocurrencies were released during the last few years by various startups, i...
Rethinking DevOps as DevSecOps
Thursday, October 12, 2017 by Akshay Aggarwal
If you’re not already thinking right now that your DevOps teams should be run like a DevSecOps team, you may already be in a world of hurt. Time to wake up! As the adoption of APIs continues to grow, so do the risks to organizations that don’t actively test the security of their solutions. Modern Agile development frameworks have changed the way engineering teams produc...
Improve mobile app security by turning it into code
Monday, May 8, 2017 by Jeff Williams
Why is application security such a pain? One of the hard problems with application security is that there are a zillion different ways that things can go wrong. Far more than any one person can be expert in. It's unfair to think that a software developer, who is already supposed to be expert in all the latest software languages, frameworks and best practices, should als...
ImmuniWeb Mobile launches to offer better mobile security testing
Wednesday, March 15, 2017 by Richard Harris
High-Tech Bridge announces the launch of ImmuniWeb Mobile as part of ImmuniWeb Application Security Testing Platform. The new offering will provide comprehensive assessment of iOS and Android mobile applications, mobile infrastructure backend and data channel encryption. All ImmuniWeb Mobile packages are provided with a zero false-positives SLA. The mobile application s...
Webscale launches new WAF to thwart attacks on eCommerce sites
Thursday, March 2, 2017 by Richard Harris
Webscale has announced the launch of their Cloud Web Application Firewall (WAF), the first of a new line of a-la-carte solutions designed to address the pain points many businesses face with regards to the security, availability and performance of their critical web applications. While the market is flush with WAF solutions that combat malicious attacks at the edge of a...
80 percent of web apps have security flaws
Tuesday, February 14, 2017 by Richard Harris
Data collected by Contrast Labs has revealed that sensitive data exposures, which include missing and weak encryption, are the top vulnerability plaguing 69 percent of web applications and accounting for 26 percent of all vulnerabilities. Their research has also found that 80 percent of tested software applications had at least one vulnerability, with an average of 45 v...
Security First: 5 tips for building a secure mobile app from the ground up
Wednesday, October 5, 2016 by Karen Sittig
With more than two billion smartphone users worldwide, the app market has exploded — along with risks. Mobile app developers are still struggling to make security a priority and by 2017, cyber-attacks via vulnerable apps are anticipated to account for 75% of all mobile security breaches. Given what's at stake, it's critical that developers build apps that are &ldq...
Synopsys Makes Updates to its Seeker Runtime Security Analysis Tool
Monday, August 8, 2016 by Richard Harris
Synopsys has released the latest version of its Seeker runtime security analysis solution. Seeker analyzes web application code and data flows at runtime using a technique known as an Interactive Application Security Testing (IAST), which detects and confirms exploitable security vulnerabilities and provides insight that allows developers to address their root causes. T...
WaveMaker Adds Security Enhancements to Its Rapid Application Development Platform
Friday, July 15, 2016 by Richard Harris
WaveMaker has announced two new security enhancements to its enterprise-class Rapid Application Development platform. The WaveMaker platform now supports Single Sign-on for WaveMaker-built and deployed applications using Central Authentication Server (CAS), which permits users to access multiple applications by providing credentials such as UserID and password only once...
Five Common Mobile App Security Vulnerabilities And How to Fix Them
Saturday, April 30, 2016 by Seth Jaslow
Mobile app security leaves much to be desired. That was the conclusion of a 2016 Hewlett Packard Enterprise (HPE) study which found that a staggering 96 percent of 36,000 mobile apps failed at least one of 10 privacy checks. Three years ago, a similar HPE study found that 97 percent of 2,000 apps reviewed held insecure private information. As mobile app usage conti...
Security Brief Protecting Against the OWASP Mobile Top 10
Thursday, January 7, 2016 by Stuart Parkerson
There are over 1.6 million Android apps in the Google Play store. Over 1.5 million apps are in the Apple App Store. For mobile app hackers, today’s mobile environment has never offered a more fertile landscape to phish for user information or implant mobile malware. And never in history has more information been available to exploit.To understand how mobile application ...
86 Percent of PHP Based Applications Contain at Least One CrossSite Scripting Vulnerability
Tuesday, December 8, 2015 by Stuart Parkerson
Veracode is reporting that its analytics show 86 percent of PHP-based applications contain at least one Cross-Site Scripting (XSS) vulnerability and 56 percent have at least one SQL injection (SQLi) when initially assessed by Veracode. The analysis is part of a supplement to Veracode’s “2015 State of Software Security: Focus on Application Development”, which is a repor...
Axway Launches New API Security Offerings
Friday, September 25, 2015 by Richard Harris
Axway has made a number of updates to in its release of Axway 5 Suite API Management, release 7.4.1 including built-in API Firewalling capabilities. The Axway 5 Suite API Management platform provides companies with an enterprise-grade API management and security platform offering the ability to protect against malicious attacks, including Denial of Service (DoS), c...
AppSecUSA Security Conference to Delve Into Application and Cloud Security
Friday, September 11, 2015 by Stuart Parkerson
There is still time to participate in OWASP's 12th Annual AppSecUSA Security Conference designed for developers and security experts focusing on application and cloud security. The conference will be held in San Francisco on September 24-25 and a separate two day training program will be offered September 22-23.Held at the Hyatt Regency San Francisco, more than 40 speak...
An Analysis of the Starbucks Cyber Attack and How To Stay Protected
Wednesday, June 10, 2015 by Amit Ashbel
How much is a cup of coffee really worth? Several weeks ago, many Starbucks customers began reporting their Starbucks card balance emptied and then topped again. On May 13th, Starbucks released a written statement denying the un-authorized activity was a result of a hack or an intrusion to its servers or mobile app. But the hard facts show that indeed customers ha...
Contrast Security Release New Enterprise Application Security Platform
Tuesday, June 9, 2015 by Stuart Parkerson
Contrast Security has release Contrast Enterprise, a new application security product to integrate defenses across development and operations, offering vulnerability assessment, security visibility and attack protection throughout the application lifecycle. Contrast Enterprise offers Runtime Application Self-Protection (RASP), which provides deep security instrumen...
MetaIntelli and Arxan Technologies Partner to Identify and Mitigate Mobile Apps Security Threats
Sunday, November 16, 2014 by Stuart Parkerson
MetaIntelli and Arxan Technologies have partnered together to provide mobile app developers with a comprehensive approach to identify and mitigate mobile apps against security and privacy risks with nonstop protection. The two companies bring together complementary technologies that leverage MetaIntelli’s intelligent, autonomic cloud based mobile app risk identific...
HP Internet of Things Study Shows Majority of IoT Devices Contain Serious Vulnerabilities
Monday, August 4, 2014 by Stuart Parkerson
HP has released new research, The Internet of Things State of the Union Study, which reveals that 70 percent of the most commonly used Internet of Things (IoT) devices contain serious vulnerabilities. The study is an outgrowth of HP’s OWASP Internet of Things Top 10 Project. The projects goal is to educate the IT community on the main facets of Internet of Things s...
Spirent Offers New SaaS Vulnerability Scanning and Load Testing Platform
Tuesday, May 6, 2014 by Stuart Parkerson
Spirent Communications, a provider of network, devices and application testing solutions, has launched ArmorHub, a cloud-based vulnerability scanning service for website owners, application developers, and API managers.ArmorHub, together with Blitz.io, delivers a set of cloud-based services for security assessment and load testing offered as a subscription-based Softwar...
Coverity Releases New Version of Enterprise Development Testing Platform
Wednesday, January 8, 2014 by Richard Harris
Coverity has announced the availability of the Coverity Development Testing Platform 7.0, the next-generation of its software testing platform.The platform enables testing for cloud, mobile and web-based application development in Enterprise IT organizations. The new version of the Coverity Development Testing Platform is an enterprise-scale solution which combines...
