Author: Timon

RASP Rasp Technology

Learn About Application Protection

Overview

The application protection feature is developed based on the runtime application self-protection (RASP) technology. This feature can detect attacks and provide self-protection during application runtime. You do not need to modify code to use the application protection feature. You only need to install the RASP agent on the servers or containers on which your […]

Timon 
Java deserialization vulnerability

What is a Java Deserialization

A Java deserialization vulnerability occurs when a Java application deserializes untrusted data; it is a seldom-mentioned yet massive application security issue. During the deserialization process, the data is transformed from its stream of bytes (binary representation) into an object that the application can use. This process is made possible by the Apache Commons Collections library. The name of […]

Timon 
XSS vulnerability

What is XSS?

Cross-site scripting is an attack performed on vulnerable web applications that manipulates the app to send malicious scripts to users. An attacker injects a malicious script into a legitimate, trusted website to access personal data of other users, control their browser, or in severe cases, control the application itself. Attacks like these can be split […]

Timon 
SQL injection vulnerability

What Is a Java SQL Injection?

SQL injections are one of the most common web application security threats used by attackers. SQL injection attacks, or SQLi attacks, have remained one of the top three most critical security risks on the Open Worldwide Application Security Project (OWASP) Top 10 list since 2007. A SQL injection attack is a web application attack in which the attacker […]

Timon 
File access vulnerabilities

What is path traversal?

Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. This might include: In some cases, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behavior, and ultimately take […]

Timon 
Rasp Technology

What is shift left?

Introduction to shift left

In the fast-paced realm of software development, DevOps, and DevSecOps, the shift left testing methodology is gaining traction. In traditional waterfall development, testing happens late in the process, right before deployment into production environments. Problems discovered during these latter stages require more time and resources to fix or redesign, which can result in costly […]

Timon 
Rasp Technology

What is the SDLC?

SDLC defined

SDLC stands for software development lifecycle. It’s a ubiquitous framework for managing an entire software project from start to finish, ensuring consistency, efficiency, and quality. Typically, the SDLC has several key stages, including requirements gathering and analysis, system design, coding, testing, deployment, and maintenance and support. Ideally, this is a circular process that […]

Timon 
Rasp Technology

Dynamic application security testing (DAST)

Why is DAST important for application security?

Although billions of dollars have been invested into AppSec tools, 85% of applications still contain known vulnerabilities, with most breaches occurring at the application layer, according to the GitHub software security guide. DAST tools are a type of security tool that can be used as part of an application […]

Timon