Web application security
• API gateways: Help identify overlooked "shadow APIs" and block traffic known or suspected to target API vulnerabilities. They also help manage and monitor API traffic.
• DNSSEC: A protocol which guarantees that a web application's DNS traffic is safely routed to the correct servers, so that users are not intercepted by an on-path attacker.
• Encryption certificate management: A third party manages key elements of the SSL/TLS encryption process, such as generating private keys, renewing certificates, and revoking certificates due to vulnerabilities. This removes the risk of those elements being overlooked and exposing private traffic.
• Bot management: Uses machine learning and other specialized detection methods to distinguish automated traffic from human users, and prevents the former from accessing a web application.
• Client-side security: Checks for new third-party JavaScript dependencies and changes to third-party code, helping organizations catch malicious activity sooner.
• Attack surface management: Actionable attack surface management tools should provide a single place to map your attack surface, identify potential security risks, and mitigate those risks with a few clicks.
What application security best practices should organizations expect from their vendors?