Vandana Verma: Passionate guide for the web application security journey

Vandana Verma, security architect at IBM India Software Labs and web application security expert, shares her advice on tools, training, and shifting left.

[Webinar] OWASP Top 10 for JavaScript Developers

The OWASP documentation doesn’t give much attention to JavaScript. This webinar explains the OWASP Top 10 in terms of JavaScript vulnerabilities.

Protecting WebSocket Protocol Apps and APIs with Signal Sciences

The 4.2 release of the Signal Sciences agent introduces WebSocket traffic inspection, enabling customers to extend the coverage of applications, APIs, and microservices protected by Signal Sciences next-gen WAF to apps and services that utilize the Web…

vBulletin zero-day exploited in the wild in wake of exploit release

An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it didn’t take long for attackers to start using it. About vBulletin vBulleti…

Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions

A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases.

phpMyAdmin is a free and open source ad…

WebARX — A Defensive Core For Your Website

Estonian-based web security startup WebARX, the company that is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big vision for a safer web.

It built a defensive core for we…

What are the different types of security vulnerabilities?

An application security vulnerability is a security bug, flaw, error, fault, hole, or weakness in software architecture, design, code, or implementation that can be exploited by attackers. Let’s take a closer look at the different types of secur…

Imperva discloses security incident affecting Cloud WAF customers

Imperva, the well-known California-based web application security company, has announced that it has suffered a “security incident” involving its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula. What happened? The …

Imperva Breach Exposes WAF Customers’ Data, Including SSL Certs, API Keys

Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information for some of its customers, the company revealed today.