This report provides helpful information on XSS.

From The Report, “This article is third in a five-part series developed by Dr. Edward Amoroso in conjunction with the mobile security team from Blue Cedar. The article provides an overview of various mobile app security methods including per-app VPN, containers, and micro-segmentation.”

This is a threat advisory for Ticketac Mobile Apps

This is the 12th annual WhiteHat Security Statistics Report. This year they’ve added some real metrics around DevSecOps. They’ve also added a new SAST section and a mobile security section.

The Stuxnet and Ukranian power grid attacks give us clear ideas about how much damage a determined adversary can inflict not only on the business or operation concerned, but also on the general public. This paper takes a look at critical infrastructure attacks.

This report takes a look at the harmful practice of web scraping.

Get detailed cloud security insights about DDoS and web application attack trends observed across the Akamai Intelligent Platform™ for Q1 2016. Highlights include: 1) A 23% increase in DDoS attacks and a 26% increase in web application attacks, compared with Q4 2015, setting new records for the number of attacks in the quarter 2) The rise in repeat DDoS attacks, with an average of 29 attacks per targeted customer – including one customer who was targeted 283 times 3) The continued rise in multi-vectored attacks (56% of all DDoS attacks mitigated in Q1 2016), making mitigation more difficult

This report is a kind of dossier on the hacker community. It lets you in to their world, to know their mindset, and thoughts on the bug bounty community.

This report gives a detailed breakdown of DDoS attacks in Q4 of 2015.

Readers are encouraged to use this report to get a better understanding of the current threat landscape, including trends specific to different contexts like region, time of day, industry, and more, in order to better fine-tune defenses for meeting the security needs of their unique environments.

Veracode’s intention is to provide security practitioners with tangible AppSec benchmarks with which to measure their own programs against. They’ve sliced and diced the numbers to offer a range of perspectives on the risk of applications throughout the entire software lifecycle. This includes statistics on policy pass rates against security standards, the statistical mix of common vulnerability types found in applications, flaw density and average fix rate.

Don’t let Hollywood fool you: carrying out an attack doesn’t resemble the plot of an action movie. Attackers don’t automatically breach a network, immediately locate the information they want and then swiftly exit the organization. Attacks are complicated operations that unfold over multiple steps and take time, weeks and oftentimes months to achieve the desired goals.

This Report takes a look at the top 5 data security threats and analyzes what a company can do about them.

This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures.

This report provides analysis and information related to Joao Malware which has attacked video gamers.

In this, the eighth volume of this report, they present metrics that are based on real application risk postures, drawn from code-level analysis of nearly 250 billion lines of code across 400,000 assessmnets performed over a period of 12 months between April 1, 2016 and March 31, 2017.

The Internet of Things is becoming and area of danger for security risks. This paper discusses the cyber security issues related to the internet of things, and discusses how people should be taking action to protect their devices.

This report is based on a study done in 2017 to analyze security issues in CakePHP.

This report includes research on the evolving state of cloud security.

This is an annual report that provides an inside look into the economics and emerging trends of bug bounties, with data collected from Bugcrowd’s platform and other sources throughout 2016. This report is published on a yearly basis for CISOs and other security decision makers to provide a transparent look at the evolving bug bounty market.

This whitepaper provides an excellent resource for understanding SQL Injection attacks, in a web application environment.