While traditional penetration testing (pen testing) has long been the go-to method for identifying security gaps in a organization’s network and web application, a new approach has emerged: ...

The best way to learn to play defense is to play offense, and the OWASP Broken Web Applications Project makes it easy for application developers, novice penetration testers, and security-curious ...

Six months ago, I started my own journey learning web app penetration testing from scratch. Several people have asked me to compile these resources into one compendium aimed at those with little or no ...

Ah, the Web. It has generally made business easier and cheaper, but specifically made information security harder and more expensive. Companies in all sorts of industries are rushing to create ...

There's been a lot of talk in the security industry about the death of the perimeter, as protection technologies on the edge of the network have proven to be insufficient to fully stopping today's ...

SPI Dynamics – These days, the biggest threat to an organization’s network security comes from its public Web site and the Web-based applications found there. Unlike internal-only network services ...

From vendors offering code security tools to those protecting inboxes and websites against attacks, here’s a look at 20 key companies in web, email and application security. Among the major ...

Web applications are able to protect your Web assets from attack – especially websites. Discover the best Web application firewalls, as we explore the market and recommend our top choices. Websites ...

Andrei Neacsu is a cofounder and managing partner at HyperSense. The role of web applications in today's businesses amplifies the repercussions of weak security—leading to potential revenue loss, ...

As I write these words, many Ruby on Rails developers are worried. The framework that so many of us have used and enjoyed for so many years, turned out to have some serious security flaws. It's not ...