Web Security Blog

HTTP security headers: An easy way to harden your web applications

Modern browsers and web servers support many HTTP headers that can greatly improve web application security to protect against clickjacking, cross-site scripting, and other common types of attacks. This post provides an overview of best-practice HTTP security headers that you should be setting in your websites and applications and shows how to use DAST to make sure you’re doing it right.

About that vulnerability… Are you sure it’s fixed?

The HHS outlines vital new pillars of action for cybersecurity in healthcare

3 big reasons why 2024 will be a fierce and noisy year for cybersecurity

CVSS 4.0 is here. Will it make vulnerability scores more useful?

Never mind the buzzwords: Here’s the straight deal on application security

Looking for the best in DAST: How to select DAST tools for DevSecOps

SolarWinds, the SEC, and the CISO: Who is legally responsible for security?

An abundance of caution: Why the curl buffer overflow is not the next Log4Shell

Rapid Reset HTTP/2 vulnerability: When streaming leads to flooding

Top 5 application security misconfigurations

Hacking the hackers: Borrowing good habits from bad actors