Articles about Web Application Security

Security teams know they need to test their main applications, but they often struggle to identify which other assets to cover. On average, organizations can miss testing nine out of 10 of their complex web apps.

Security testing platform Detectify is announcing the launch of its new Asset Classification and Scan Recommendations capabilities which enable organizations to easily identify and swiftly act on their complex web applications.

Continue reading →

A new report from CyCognito looks at the challenges faced by cybersecurity professionals in protecting web applications, which have become prime targets for cyberattacks.

Organizations maintain dozens, often hundreds, of custom web apps, developed in-house and by third-party partners. What's more over 60 percent update web applications weekly or more often.

Continue reading →

Globally, the average number of DDoS attacks per customer grew by 94 percent in 2023, according to a new report from Radware.

"The technological race between good and bad actors has never been more intense," says Pascal Geenens, Radware's director of threat intelligence. "With advancements like Generative AI, inexperienced threat actors are becoming more proficient and skilled attackers more emboldened. In 2024, look for attack numbers to climb and attack patterns, like the shift in Web DDoS attacks, to continue to evolve."

Continue reading →

New research from Barracuda finds that 30 percent of all attacks against web applications target security misconfigurations -- such as coding and implementation errors.

Analysis of incidents detected and mitigated by Barracuda Application Security during December shows 21 percent involved code injection. Though these were more than just SQL injections, generally designed to steal, destroy, or manipulate data.

Continue reading →

Web applications remain one of the most targeted areas for threat actors. According to Verizon’s Data Breach Investigations Report, web application attacks were behind 26 percent of all successful attacks during the twelve months covered. Yet while the methods for attacking web applications are well known and understood, as evidenced by the work that the Open Web Application Security Project (OWASP) has done on their Top Ten list over the years, many companies still find hardening their applications challenging.

Authorization and access control describe the biggest set of challenges identified by OWASP in their most recent Top 10 list (2021) -- three out of the top five issues were around broken authorization, while broken authentication and improper access to resources were also common problems. The OWASP Top 10 for 2021 also includes attacks that work on unrestricted access to sensitive business flows, which covers areas like creating fake accounts, and server side request forgery where APIs can send resources to the wrong locations.

Continue reading →