skip to Main Content

Category: Web Application Security

The Inside-Out Application Security Opportunity with RASP

Digital transformation projects demand that developers continually roll out new applications to fuel those efforts. These new applications and APIs can surface sensitive data and must be protected in production: RASP (runtime application self protection) provides developers a defensive means…

Navigating Cybersecurity Metrics For Web Applications

Maintaining a resilient security posture is an ongoing effort for every organization. As reports of data breaches, fraud, and cyberattacks grow increasingly common, it’s important to have strategies in place to mitigate their impact. Whilst cybersecurity may have once seemed…

The Future of Zero Trust: Continuous Authentication

Ask any CISO about a trend that they think will help push security postures forward and you’ll inevitably hear the same thing: the elimination of the perimeter and the rise of the zero trust mindset. In the old perimeter model,…

Web Application Security Without Organizational Resistance

As software-defined networks have replaced the monolithic, server-to-server communication paths of networks’ past, web application firewalls (WAFs) have become staples of organizations’ security technology deployments. First-generation WAFs, launched circa 1990 as extensions to traditional network firewalls, relied on the analysis…

Preventing Server Side Request Forgery (SSRF)

Reflecting on the use of SSRF in the Capital One Breach One of the most notable breaches of 2019 was the Capital One breach, where the attacker used a Server Side Request Forgery (SSRF). It was notable not only because…

Protecting WebSocket Protocol Apps and APIs with Signal Sciences

The 4.2 release of the Signal Sciences agent introduces WebSocket traffic inspection, enabling customers to extend the coverage of applications, APIs, and microservices protected by Signal Sciences next-gen WAF to apps and services that utilize the WebSockets protocol. Rarely found…

HTTP Request Smuggling Detections

I’m excited to announce the ability of Signal Sciences to detect HTTP Request Smuggling attempts! For customers implementing modern, multi-tiered or cloud native web applications, Signal Sciences can now seamlessly detect and mitigate HTTP Request Smuggling attempts which seek to…

Strengthening Your Defenses Against API Abuse

Application Programming Interfaces (APIs) are an intermediary framework that enable applications to communicate and exchange data with one another. As a backbone of the modern web, software companies build and deploy APIs to do everything from displaying social media content…

Securing Technology Innovators’ Web Layer Assets

Move Fast Without Breaking Things For the last fifteen years, Facebook’s motto “Move Fast and Break Things” has been the mantra of technology companies looking to replicate the magic coming out of Silicon Valley and other startup hubs. The idea…

Virtual Patching the Signal Sciences Way

Virtual Patches: Security Duct Tape Let’s get serious for a minute. Virtual Patching is Cyber duct tape. Originally coined by Intrusion Prevention System (IPS) vendors years ago, Virtual Patching has been known by different names including “External Patching” and “Just-in-time…

Back To Top