Providing seamless, secure access to web applications for users is vital for many organizations. With more and more users accessing business applications via the web and from mobile devices, the…
OWASP TOP 10
-
Injection attack remains at the A1 position on the latest 2017 OWASP Top 10 list of most prevalent security threats for web-based applications. It is straightforward to exploit on systems…
-
Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization that provides unbiased, practical information to improve the security of software. Project members include a variety of security…
-
What is the vulnerability? Web sites are constantly changing. Pages get published, but later they are superseded by new ones that contain updated information. However, many people will have the…
-
When considering a Defense-in-Depth strategy for the Cloud, the applications themselves are probably the greatest risk factor. Vulnerabilities in applications, be it from poor coding or inadequate access controls, account…
-
Missing Function Level Access Control What is the vulnerability? Web applications typically only show functionality that a user has the need for and rights to use in the UI on…
-
What is the vulnerability? An Insecure Direct Object Reference vulnerability occurs when data in an application is exposed without appropriate checks being made before the access is granted. The data…
-
Cross Site Scripting (XSS) attacks are a type of injection attack. XSS is probably the most common type of malicious attack after code injection. They are certainly the most common…
-
Security Misconfiguration Modern web applications are built from many different parts. There are front end components such as a web browser, a desktop application with embedded web viewer, or increasingly…
-
Load Balancer, News, Security, WAF
Introducing KEMP’s LoadMaster-Integrated Web Application Firewall Services
by Jason Dover
KEMP Technologies provides the best software and virtualization-focused enterprise application delivery controllers (ADCs) with the widest platform support in the industry. A key part of a holistic application delivery strategy…
Very few web application projects are delivered using software completely written from scratch. Rather the modern application development model relies on frameworks, modules and components from various sources that are…
Cross Site Request Forgery An attacker can compromise a web application that has a Cross Site Request Forgery (CSRF) vulnerability by exploiting a valid authenticated session that has been set…
What is Sensitive Data? There is an argument to be made for saying that all data is sensitive. Certainly, some data which might be sensitive for one person, another person…
Broken Authentication and Session Management Securely authenticating users, managing their sessions when connected, and ensuring proper logout when the sessions end are essential activities when delivering web applications. As are…