Mobile Application Security Best Practices

The use of mobile phones is expanding worldwide, with approximately 6.65 billion currently in use. As smartphones become ubiquitous, an increasing number of the world’s e-commerce transactions are taking place on mobile devices, leading to the coining of the term “mcommerce” to describe the new method of shopping. eMarketer predicts that by 2024 nearly 70%…

Top 10 Web Application Security Risks

According to the U.S. Department of Commerce, e-commerce sales in the first quarter of 2022 accounted for 14.3% of total sales. Secure web applications are essential for modern retailers, but many are still struggling to combat common web application risks, including ones such as cross-site scripting and code injection that have been around for years,…

The Role of WAFs in the DevSecOps Focused World of Modern Application Security

WAFs, or web application firewalls, have been around since the late 1990s, becoming popular in the early 2000s when OWASP formalized its top 10 list of application vulnerabilities. WAFs are designed to monitor and block suspicious HTTP traffic from reaching your web applications. This is typically done based on a series of rules that block…

Application Security Challenges Caused by Cloud APIs

Application programming interfaces (APIs) are essential to the functioning of the cloud. APIs are what allow access to and management of cloud services. They also are frequently used to connect microservices, such as containers, within the cloud. In the last decade, application development has moved away from the creation of one monolithic application in favor…

Why Application Security is Moving to the Cloud to Facilitate DevSecOps

DevSecOps is an approach to application development that emphasizes collaboration between the development, security, and operations teams. Security is introduced early and is continuously monitored throughout the development lifecycle so a secure application can be rapidly released with fewer security-related bottlenecks when it reaches production. Companies that adopt a DevSecOps approach need tools that can…

Reducing the Risk Bad Bots Pose to your Application Security

According to the 2022 Imperva Bad Bot Report, 27.7% of online traffic came from bad bots. For retail websites, it’s 23.6%. Bots routinely target retail sites with scalping and denial of inventory attacks, as well as fraud, gift card fraud, and account takeovers. The problem that many organizations are facing today is how to distinguish…

The Threat of Rogue Mobile Apps to Retail and Hospitality Brands

Mobile apps can serve as a convenient way for your customers to do business with you from their smartphones, but just like criminals can attempt to spoof your domains, they can also spoof your mobile app, even if you don’t have one. Rogue mobile apps are applications that use a trusted brand name to steal…

Preventing Data Breaches with API Security Best Practices

APIs have become increasingly prevalent in the last few years as companies have begun to focus on digital transformation and migration to the cloud. APIs are a large part of what makes the cloud possible. They’re used to access and manage our cloud resources and connect microservices to build our applications. As developers grew to…

Enabling Secure CI/CD via Application Security Awareness Training

When you think “security awareness,” the first thing that comes to mind is likely the training you provide non-security staff related to persistent threats like phishing. While this type of training will always be important, it is also becoming necessary to augment traditional programs with specialized application security awareness training for your CI/CD-related teams as…

Enabling DevSecOps to Shift Left with the Proper Application Security Tools

Over the past few years, DevSecOps has become a buzzword in application security. You may understand the concept — security is integrated into your continuous integration/continuous delivery pipeline to find and fix vulnerabilities earlier in the software development lifecycle — but how do you actually implement DevSecOps? One of the keys to successful DevSecOps implementation…
