Web Security Blog

HTTP security headers: An easy way to harden your web applications

Modern browsers and web servers support many HTTP headers that can greatly improve web application security to protect against clickjacking, cross-site scripting, and other common types of attacks. This post provides an overview of best-practice HTTP security headers that you should be setting in your websites and applications and shows how to use DAST to make sure you’re doing it right.

The OWASP API Security Top 10 demystified

What’s the big deal with post-quantum cryptography?

Invicti Security

How the DORA framework mandates application security testing (and many other things)

A voyage of discovery: Talking APIs with Frank Catucci and Dan Murphy

All in one place: Discovery and security testing across your APIs and applications

XSS filter evasion: Why filtering doesn’t stop cross-site scripting

Polyfill supply chain attack: What to do when your CDN goes evil

How to prevent XSS attacks

Invicti Security

What the OWASP Top 10 for LLM applications tells us about generative AI security

Making sense of AppSec vs. DevSecOps

How bad is a missing Content-Type header?

Why Predictive Risk Scoring is the smart way to do AI in application security