Web Security Blog

HTTP security headers: An easy way to harden your web applications

Modern browsers and web servers support many HTTP headers that can greatly improve web application security to protect against clickjacking, cross-site scripting, and other common types of attacks. This post provides an overview of best-practice HTTP security headers that you should be setting in your websites and applications and shows how to use DAST to make sure you’re doing it right.

How to choose the right application security tools

What is DevSecOps and how is it evolving?

AppSec prioritization goes proactive with AI-backed Predictive Risk Scoring

NIST CSF 2.0: The world’s favorite cybersecurity framework comes of age

The xz-utils backdoor: The supply chain RCE that got caught

Why DAST makes the perfect security posture gauge

Never trust an LLM: Prompt injections are here to stay

More than a box to tick: Meet the real DAST

Will autonomous hacking bots change cybersecurity forever?

How AI makes cybersecurity even more asymmetric

Customer feedback and continuous improvements: The perfect AppSec match

3 ways that security tool sprawl can hurt application security testing