Web Security Zone
5 Reasons Not to Rely on Bounty Programs
Congratulations! You’ve made the right decision to start a bounty program. Does that mean that you can maintain a secure posture without a web vulnerability scanner and manual penetration tests? And if ...
Are You Keeping Up with Web Application Security?
Opinion: Almost every business that has computers buys an antivirus solution. However, relatively few businesses that have their own websites buy vulnerability scanners. I believe that most people don’t buy solutions to ...
How Scanners Find Vulnerabilities
Vulnerability scanners are not that different from virus scanners. In both cases, the goal of the software is to find something out of the ordinary in the target. A virus scanner scans ...
How To Benchmark a Web Vulnerability Scanner?
You’ve made the right decision to improve your web application security stance and perform regular web application scanning. However, there are several renowned web vulnerability scanners on the market and you have ...
DevSecOps with Acunetix – The Human Factor
The old-school DevOps model, where the security team works in a silo, separated from agile development teams, introduces a lot of tensions. With such an organization, developers often perceive security analysts ...
5 Reasons Why Web Security Is Important to Avoid Ransomware
In the world of IT security in general, 2020 so far could be called the year of ransomware. The news is full of reports of new ransomware attacks and based on the ...
Would the Real IAST Please Stand Up?
Opinion: The term Interactive Application Security Testing (IAST) is probably the vaguest in the world of application security testing. Any tool that extends beyond the traditional DAST or SAST model may use ...
What Is the R.U.D.Y. Attack
R.U.D.Y. (R-U-Dead Yet) is a denial-of-service attack tool. Unlike most DoS and DDoS attack tools, the R.U.D.Y. attack tool operates at Layer 7 (it is an application-layer attack). The attack technique of ...
Web Application Security Testing in an Agile Software Development Life Cycle – A Technical Case Study
We’ve teamed up with Acme Corporation (name changed for privacy and security reasons) to bring you a very detailed look at how a medium-sized business managed to successfully include web security testing ...
What Top Web Attacks Can We Expect in the New OWASP Top 10?
The latest edition of the Open Web Application Security Project Top Ten was released in 2017, four years after the previous one. Therefore, we can expect that the new version of this ...

