Download this next:

Application security testing: Protecting your application and data

Application security testing is critical in ensuring your data and applications are safe from security attacks. This e-book explains the basics of application security and how it differs from network security, and then delves deeper into testing for two common vulnerabilities: injection and cross-site scripting. It ends with a tip regarding performance concerns when adding security protection to code. The e-book is written for IT management, including QA and development managers, interested in ensuring their applications are kept secure.

These are also closely related to: "Cross Site Scripting"

  • State of the Web Report 2019: Explore website security risks

    The website is increasingly a primary connection point between companies and their customers. Unfortunately, its architecture introduces critical vulnerabilities that enable client-side website attacks that can lead to PII and financial data theft.

    Attacks that target vulnerabilities inherent in this modern website architecture have many names including:

    • Cross-Site Scripting (XSS)
    • Formjacking
    • Magecart, Ad Injection Attacks
    • And more

    In this research report, discover the risks associated with web and web app security and learn how to better protect your organization against attacks.

  • Gain control over your web traffic & mitigate application attacks

    For most organizations, protecting web applications from attacks is critical to prevent compromises that could ultimately take down those applications as well as expose sensitive data to hackers.

    Web application firewalls (WAF) sit between users across the internet and your applications, inspecting back-and-forth traffic for potential threats and indicators of compromise (IOC).

    In this resource, learn about the Armor monitored WAF and how it gives you control over which traffic to allow or block to your web applications by defining customizable web security rules to stop OWASP Top 10 application attacks including SQL injections (SQLi), XML external entity (XXE) attacks, and cross-site scripting (XSS) attacks.

Find more content like what you just read:

  • Recommendations for implementing website security

    The ecommerce economy continues to grow with nearly $3.5 trillion spent in 2019. Website owners have an obligation to protect their sites, their data, and their customers to ensure the integrity of online transactions. In this resource, explore a list of recommendations to help organizations ensure website security.


  • Taking Action to Secure Web Applications

    This expert E-Guide from SearchSecurity.com explores the vulnerabilities of web applications and explores steps you should take to keep them safe.


  • Secure coding best practices for developers

    Access this whitepaper to learn some of the best steps you can take today to have more secure coding practices, and the many risks you'll be able to address.


  • Reasons to shift security left in DevOps

    Security can become a massive roadblock at the end of a development sprint, so you need to think about shifting it left in your DevOps process. What can a security shift left accomplish for you? Learn about all of the benefits in this whitepaper, and learn how to begin moving your security process today.


  • Remote code execution and application security vulnerabilities

    Join Mark Rogan, DAST Manager from the WhiteHat Security Threat Research Center, as he discusses the top vulnerabilities and gives valuable prevention tips for enterprises to implement.


  • Web-Facing Applications: Mitigating Likely Web Application Threats

    In this expert E-Guide, learn how the increased use of business-centric Web applications has spawned alarming new information security threats. Also inside, uncover tips, tricks, and best practices for making your Web apps more secure – read on to get started.


  • E-Guide: Preventing and detecting security vulnerabilities in Web applications

    The extent of fundamental security flaws in most applications often requires a re-architecture, but there are some secondary measures information security teams can take to safeguard faulty applications. This expert tip maps out the steps security professionals should take to lock down their Web applications.


  • Web-facing applications: Security assessment tools and strategies

    Read this expert E-guide to find out how you can properly assess web application threats and the tools your organization can use for protection. Learn how to mitigate likely web application threats and how you can ensure your business is protected.


  • E-Guide: Keys to Protecting Web Applications from Vulnerable Exploits

    Today’s attackers are stealing substantial amounts of confidential information every day by exploiting vulnerable Web application servers. This expert e-guide highlights the most popular Web application attack methods and offers advice on how to keep your network safe through URL filtering.


  • 5 things you need to know about a Web Application Firewall

    Web Application Firewall (WAF) is a priority item for IT professionals who are struggling to protect their customer-facing and mission-critical applications. WAFs detect and protect web applications from attacks that try to exploit vulnerabilities. In this white paper, learn 5 things you need to know before buying a WAF.


  • Web Application Firewalls: Patching, SDLC Key for Security, Compliance

    In this expert e-guide, discover how web application firewalls (WAFs), combined with a strong software development lifecycle (SDLC), are playing an essential role in web application security and compliance. See how you can achieve a strategic, defense-in-depth approach to enterprise security by reading on now.


  • The No BS Guide to Static Application Security Testing (SAST)

    Network security is everywhere and we have all been hyperaware of securing the perimeter and having our firewalls on high alert. Now, application vulnerabilities are being exploited and it's time to do something about it. In this best practices guide, learn the steps to take towards implementing a successful application security program.


  • Even fintech startups battling to meet cyber security skills

    A study shows that most fintech startups, like most banks, are failing to address vulnerabilities in their web and mobile applications, underlining the scale of the challenge.


  • PowerShell 6.2: Beginner’s guide

    Save a copy of this 10-page eBook to learn how to get started with PowerShell v6.2 – and how to start writing scripts that make your life as an IT professional easier.


  • Explore Interactive Application Security Testing (IAST)

    Interactive Application Security Testing (IAST) is a technology for automatically identifying and diagnosing software vulnerabilities in applications and APIs. IAST continuously monitors your applications for vulnerabilities from within. In this white paper, learn everything you need to know about IAST.


  • A comprehensive approach to reducing vulnerabilities

    In this white paper, discover a comprehensive approach to reducing vulnerabilities across your ecosystem.


  • DevSecOps delivers better business

    Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it's time for you to find out how and why.


  • e-Guide: Evolving IT security threats: Inside Web-based, social engineering attacks

    Defending IT infrastructure involves understanding attack methods that are effective today. This expert e-guide highlights several characteristics of modern computer security threats to keep in mind as you assess and improve your information security program, and provides recommendations for dealing with them.


  • 19% better app security encapsulation with dynamic analysis

    Prioritizing security during development can become a hassle when trying to ensure an application delivers on operational functionality. Download this DevSecOps guide on dynamic testing and analysis benefits, and see how it can boost encapsulation from 22% to 39%.


  • E-Guide: How to Combat the Latest Cybersecurity Threats

    It takes a great deal of time and money to fine-tune IT security in response to evolving IT security threats and attack tactics. This expert e-guide provides an in-depth overview of modern computer security threats and offers technical advice on how to deal with them.


  • NetSec case study: How this university built custom detection scripts

    Learn how this top research university was able to meet all of their network traffic analysis requirements with fast network log searches, expanded custom detection scripting capabilities, and more.


  • How to protect your organization against domain name homographs

    Internationalized Domain Names (IDNs) are often abused by cybercriminals to conduct malicious activities, such as phishing or malware distribution. In this new research report, Farsight Security Global Internationalized Domain Name Homograph Report, examine the prevalence and distribution of IDN homographs across the Internet.


  • Smart cards: security risks

    This article in our Royal Holloway Information Security Thesis series assesses the new features introduced in the Java Card 3 Connected Edition smart card specification and their associated security risks.


  • Exchange Insider E-Zine Vol. 14: Securing Mobile Devices and Exchange

    This essential e-zine reviews key BYOD concerns and considerations for Exchange admins, and offers tips for addressing the technical logistics of delivering secure email access to mobile devices. Learn how to leverage PowerShell scripts, ActiveSync data, and more.


  • The key to secure application code? Essentials Edition SAST.

    Download this white paper to learn how a static application security testing (SAST) tool can help your teams ensure that app code is secure – from development to pre-production – through effective scanning and remediation of vulnerabilities.


  • SATA for microservices: Why is it so important?

    In the race to get to market, the last thing you want is to overlook the security of your microservices architecture. Don't leave your development process vulnerable. Click inside to learn about a Static Applications Security Testing (SAST) offering that allows you to ensure your microservices are as safe as possible.


  • Choosing the right mobile app security testing option

    Download this solution brief to compare several offerings from a suite of mobile app security testing options that utilize a combination of dynamic and static automated scanning.



  • Learn how PowerShell is being leveraged by cyberattackers

    While intended for system administration and the automation of daily maintenance and management tasks, PowerShell has become a preferred tool for cybercriminals. In this white paper, learn more about how PowerShell is being leveraged by cyberattackers and how enSilo can protect your endpoints against this increasing threat.


  • Cloud-based firewall secures data across the hybrid network

    Read this resource for the advantages of using a cloud-based firewall to optimize the performance and management of distributed networks, to scale across any number of locations and apps, and to protect your network perimeter with granular app controls.


  • Technical Guide on Emerging Threats

    It takes time and money to adjust IT security in response to evolving attack tactics. As defenders gradually update their security measures, attackers respond accordingly. Such arms-race dynamics lead to threats of increasing sophistication and efficiency.


  • Your guide to container security

    There has been an explosive growth of containers. So, what are the primary threats to container environments? Explore this guide to uncover how to assemble an effective container security program to protect against the looming threats.


  • Security for the PCI compliant environment

    This white paper examines the applicability of Trend Micro's Hybrid Cloud Security Solution, specifically Trend Micro Deep Security, to secure Payment Card Industry (PCI) data in accordance with the PCI DSS when used in physical, virtual, cloud, or container environments.


  • 4 major cyberattack methods and how to defend against them

    The question is not whether you will be attacked. It's when, by what, and how badly your company's reputation or finances will be damaged. In the world of cybersecurity the wrong time to consider defense is after the attack has occurred. In this white paper, learn about different attack methods and how to protect your company.


  • Security challenges with content management systems and platforms

    In this white paper, learn how WordPress, VPNs, outdated TLS, and web apps built with modern stacks can increase the risk of security breaches and how to reduce that risk.


  • Beating web application security threats

    Application security plays an important role in ensuring the accuracy and confidentiality of data, yet at times teams may fear that security can interfere with overall performance. Read this e-book for tips that discuss the value of application security and explain how to implement it to ensure the highest availability and usability.


  • Top 5 attack vectors

    This white paper walks through the top 5 security attacks, by providing insights into tactics, techniques and procedures commonly used by threat actors. Then, find out how a managed detection and response strategy can take your security protocols to the next level and protect your organization.


  • Secure source code for all your apps, not just the critical ones

    App vulnerabilities originate with the source code, and you'll want to secure more of your source code in both development and production. But it's easier said than done for security pros to review source code continuously. Uncover a new static application security testing subscription service to address this problem.


  • Handling holiday site traffic: A checklist for online retailers

    Retailers are preparing for the upcoming holidays, the most lucrative time of the year for online shopping. If you haven’t already begun capacity planning or upgrades to your online store infrastructure, there’s still time to get ready. This guide will provide you with a checklist to make sure your online store is ready for the holidays.


  • Computer Weekly – 4 July 2017: Be better connected in a wireless world

    In this week's Computer Weekly, we look at the latest developments in wireless technology and how to deliver secure and reliable wireless networks. We examine Microsoft's PowerShell scripting language to understand why it's such an important tool. And we ask CIOs what it's like to cross the divide and work for IT suppliers. Read the issue now.


  • eGuide: Expert Tips for Deploying Secure Messaging Technologies

    This eGuide discusses the critical importance of securing these messaging systems and looks at various methods for protecting the information that is transmitted via these technologies.


  • CW+: Analyst's take: Cyber-Ark benefits privileged account management

    Managing privileged accounts requires balancing accessibility and control while ensuring audit capabilities. Cyber-Ark enables organizations to increase administrator productivity while reducing risk.


  • 29 pg. guide: Nutanix AHV cluster and scripting best practices

    Inside this 29-page eBook, learn best practices for running Oracle databases on Nutanix AHV clusters, as well as tips and ESXi settings recommendations for iSCSI, networking, Linux OS, and more.


  • Limiting malware propagation - a way forward

    This article in our Royal Holloway Information Security Thesis Series puts forward a suggestion for the creation and implementation of a hypervisor at a layer below the operating system.


  • Application security best practices

    According to the Verizon DBIR, 60% of breaches involved web app attacks. Take a look at this white paper to discover best practices for application security as well as a case study example to prove the benefits of the application security best practices.


  • SIEMless threat management for your organization

    As the variety and sophistication of exploits continues to grow, even large, mature Fortune 100 security teams are feeling unprotected. In this resource, explore how your organization can tackle today's evolving cybersecurity threats, expanding compliance risks, and the all-too-common resource constraints.


  • Endpoint security solution brief: Monitor activity, track behaviors, and detect threats

    When it comes to developing a security strategy, organizations should strive to view their entire environment as a single landscape. Critical to this is endpoint security, which enables organizations to monitor activity, track behavior & detect threats. In this paper, dive deeper into the advantages of endpoint security capabilities.
