Freebie Bots: The Latest Threat to Retailers this Holiday Season and Beyond

Special thanks to the Kasada Research and Threat Intelligence Team for their contributions and insights. Introduction: What are Freebie Bots? Steep discounts drove Cyber Monday online sales to hit a record of $11.3 ...

Why I Joined Kasada: Redefining Application Security

Automated threats to websites, mobile apps, and APIs aren’t new at all. But that’s what makes the current state of Application Security and API Security so fascinating. The reality is these threats ...
Automated Threats are a Moving Target

Top 19 OWASP Automated Threats in eCommerce: Disrupt Them with Bot Mitigation

A Rise in Online Business Disruption from Automated Threats Where there is money, there is greed. And where there is greed, there is exploitation. Such is the case with the rapidly growing ...
Integration

Integration at the Heart of Everything

From the day we started building Tala, we’ve been motivated to not only build the best possible product for our customers, but also to make it incredibly easy to use. For us, ...
Upcoming Features of Subresource Integrity 2.x

Tags: owasp, security, SRI, Web Apps
As a response to the growing number of breaches involving CDNs, the first release of Subresource Integrity (SRI) was published hastily in late 2015. The W3C WebAppSec Working Group decided to leave ...
Scanning Sites for SRI Usage with sritest.io

Scanning Websites for SRI Hash Usage with sritest.io

Tags: Coding, Javascript, Malware, owasp, SRI, Web Apps
Third-party hosted website assets, such as JavaScript libraries, are vulnerable to tampering. However, a new technique named Subresource Integrity (SRI) is here to protect these external assets. One problem is the slow ...
Bypassing WordPress Login Pages with WPBiff

Tags: security, two-factor, Web Apps, wordpress
Two-factor authentication protected WordPress login pages can be bypassed because of certain unsafe NTP practices. The internal clock of remote servers can be manipulated under the right conditions. Because certain WordPress Google ...
DEF CON 23 - Jose Selvi - Breaking SSL Using Time Synchronisation Attacks

Tricking Google Authenticator TOTP with NTP

Tags: security, two-factor, Web Apps, wordpress
Because of unsafe NTP practices, internal clocks on remote machines can be manipulated under the right conditions. Once time is altered, expired SSL certificates become valid again and cause HSTS policies to ...
