How and Why to Use APIs to Strengthen Your AppSec Strategy

Posted by Kelly Brazil | VP of Sales Engineering on May 13, 2019 12:15:00 PM

APIs are at the heart of modern applications and have quickly become a favorite target of attackers. And for good reason - they expose a wealth of functionality and attack surface that is often poorly defended. In our previous article we introduced the key building blocks of API security that can help ensure your APIs get the same level of protection as the web front-end of your application.

Read More

Topics: Web, Application & Hybrid Cloud Security

Strengthen Your Web App Defenses Using Behavioral Analysis and Attacker Deception

Posted by Bob Violino on May 7, 2019 9:27:00 AM

For many enterprises today, Web and cloud applications are critical components of the business. And for the ever-increasing number of companies conducting business online, they are the business. 

Read More

Topics: Web, Application & Hybrid Cloud Security

Top API Security Challenges and How to Address Them Today

Posted by Kelly Brazil | VP of Sales Engineering on Apr 29, 2019 8:27:56 PM

APIs have altered the attack surface of modern applications and exposed new gaps in security in the process. In the old days, virtually all application traffic passed through the web front-end of an application, and unsurprisingly that is where security efforts were focused. APIs have quickly and thoroughly eroded this basic assumption.

Read More

Topics: Web, Application & Hybrid Cloud Security

Web Application Firewalls 101 - Keywords to Bookmark

Posted by Mackenzie Jacobson on Apr 25, 2019 4:05:00 AM

Web security is not a new concept. From the dawn of the Internet, cyber criminals have been experimenting with and mastering ways to exploit the data housed within online properties. And as businesses increasingly transition online, the volume of attacks has skyrocketed. According to a recent study,* the number of new vulnerabilities per month exceeded 17,000 in 2018. That’s nearly a 23% increase from 2017. From 10-person startups to thousand-person enterprises, cyber threats are an equally legitimate concern (or at least they should be). Arm yourself with the tools you need to protect your business from malicious attacks (automated or not). The first step is familiarizing yourself with the keywords/terms used most frequently in the application security space.

The following post details, alphabetical order, the first 10 keywords:

Read More

Topics: Web, Application & Hybrid Cloud Security

Malicious Bot Detection Through A Complex Proxy Network

Posted by ThreatX Labs on Apr 17, 2019 7:03:26 AM

A malicious entity operating a botnet to execute credential stuffing or password spraying attacks will frequently be stopped after a series of application login attempts by an app security solution, such as a WAF, and specific bot protection solutions. As a result of these attempts, IP addresses used by the attacker will often end up in IP reputation lists and will be blacklisted by many sites.

Read More

Topics: Threat Intelligence

Automation - Business Ally and Security Adversary?

Posted by Will Woodson | Lead Security Engineer on Apr 15, 2019 9:33:38 AM

In a world where speed and agility is expected by consumers and required for business operations, automation has become key component of successful enterprise operations, from identity and access management to patching. But it goes beyond that. Automation has enabled many security teams to transfer maintenance burdens and manual tasks from security teams to applications, which in turn, frees skilled human workers to focus their energy on strategic initiatives. Unfortunately, that's not the end of the story. Without proper parameters, automation can actually introduce critical security vulnerabilities and serve more as an adversary than an ally. 

Read More

Topics: Web, Application & Hybrid Cloud Security

Attacks Against IoT Devices Through APIs & How to Prevent Them

Posted by Andrew Useckas | CTO on Apr 9, 2019 6:41:00 AM

You would never leave the keys to your building lying around, so why do so many organizations leave the keys to their business exposed?

Read More

Topics: Web, Application & Hybrid Cloud Security

Best Practices for Automation in Cyber Security

Posted by Jeremiah Cruit | CISO on Apr 1, 2019 1:25:37 PM

Automation has become a central component to growing and successful businesses. This holds true in the cybersecurity sector as well, specifically with identity and access management, patching, and network change management. No matter the business, the goal of automation remains the same - improving response and task completion times or freeing skilled human labor from mundane tasks. And while automation successfully returns those benefits, among many others, if automation functions are not implemented with a few key considerations, the implications can end up outweighing the benefits.

Read More

Topics: Web, Application & Hybrid Cloud Security

ThreatX Labs - Blog

Arm yourself with information and insights on the latest cybersecurity trends to defend against today's most advanced cyber criminals with articles from the leader in SaaS-based web application firewall solutions.

Subscribe Here!

Recent Posts

Follow Me