Rock and roll. Food and drink. Web application security and API security. Some things are just better together, especially when keeping them separate means inefficiencies, costs, and increased risk. But while nobody has problems combining food and drink, putting API and application security on the same table has been a challenge—until now. With its API […]
XSS filter evasion covers numerous methods that attackers can utilize to bypass cross-site scripting (XSS) filters. A successful attack requires both an XSS vulnerability and a way to inject malicious JavaScript into web page code executed by the client to exploit that vulnerability. The concept of XSS filtering is to prevent attacks by identifying and […]
Important Information: On June 25, 2024, the cdn.polyfill.io domain began injecting malware into the popular polyfill.js library, which was utilized by over 100,000 sites. Cloudflare took action on June 26 by automatically redirecting requests from cdn.polyfill.io to their secure mirrored version of the library. More details can be found here. From June 27 onwards, […]
JavaScript has evolved significantly from just being used sparingly on static HTML web pages to add dynamism. It has now become an essential component of modern web applications, leading to cross-site scripting (XSS) becoming a common security vulnerability—and making successful XSS attacks much more impactful. JavaScript is no longer limited to enhancing client-side functionality through […]
The Open Web Application Security Project (OWASP) has put together the Top 10 list for LLM applications to raise awareness about application security risks in the context of generative AI. While some risks associated with large language models (LLMs) are well-known, there is often a lack of understanding of where AI security fits into the […]
You may have seen, especially on social media, many “expert” opinions on cybersecurity that freely mix and match seemingly unrelated terms. In the field of application security specifically, you will see people asking about things like the difference between AppSec and DevSecOps—a really strange thing to ask until you realize that in some contexts, people […]
If it walks like a duck and quacks like a duck, it’s still not a duck unless it has an application/duck Content-Type header Web design was a lot simpler 20 years ago. You had an invisible table over the whole height and width of the page, a few GIF images, and optionally some HTML. There […]
Invicti recently launched its Predictive Risk Scoring feature, which is a groundbreaking industry first that can generate accurate security risk predictions before vulnerability scanning even begins. To learn more, visit Predictive Risk Scoring for details. This feature utilizes a custom-built machine learning model trained on real-world vulnerability data (excluding customer data) that is operated internally […]
Modern application security must be built in from the outset and reinforced continually throughout the software development lifecycle. Even organizations with mature application development practices need automated tools to successfully and repeatably secure their software in complex, fast-changing environments. Security leaders commonly focus on ensuring software security through runtime protection measures, with major cloud service […]
DevSecOps is a software development approach that aims to integrate security practices into DevOps processes. Implementing DevSecOps efficiently requires organizations to make security an integral part of software quality by using automated security tools in their CI/CD pipeline. Crucially, the DevSecOps approach to software development offers a way to embed application security into the entire […]
We hate spam, we obviously will not spam you!
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC
