This year, we delve deeper into web entities, or content served over HTTP – think websites, web-based control panels, load balancers, and even APIs. Web entities have become a ubiquitous part of our daily lives, enabling us to shop, read the news, and stay in touch with loved ones. Our goal is to share our findings and analysis with the community to provide a deeper understanding of the complexities of the internet. We hope that readers can use these findings to enhance their understanding of the services that comprise the web and make more informed decisions about how to safeguard their digital assets.

In this edition of the State of the Internet/Security (SOTI) report, we continue to research the array of attacks observed in web applications and API, their impacts on the organization, and how vulnerabilities figure in the API landscape. Our goal is to illustrate the dangers posed by the web application and API attacks, with recommendations on how to successfully defend your network against such attacks.

Radware’s 2022 Global Threat Analysis Report reviews the year’s most important cybersecurity events and provides detailed insights into the attack activity of 2022. The report leverages intelligence provided by Radware’s Threat Intelligence Team, and network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network and Threat Research team.

This report includes insights on internet security, cyber risk, and security trends that organizations have face over the last year and what they need to prepare for in 2023. We’re sharing the critical information and our insights to help decision-makers in the information security community and insurtech sectors better understand the cyber risk landscape. Coalition’s data set includes internet scans of 5.2 billion IP addresses-an impressive number that comprises the entire IPv4 address space and relevant IPv6 addresses.

The goal of this Trend Report is to equip developers with the tools, best practices, and advice they need to help implement security at every stage of the SDLC.

The 2022 SIEM Report is based on a survey of 348 cybersecurity professionals and represents one of the industry’s most comprehensive annual studies on SIEM, exploring the latest trends, key challenges, and solution preferences in this market.

The State of Pentesting: 2020 report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. The scope of his exploration is black-box penetration testing (“humans”) against dynamic scanning and out-of-band testing (“machines”) for web applications.

An analysis on the indicators to be derived from detecting Internet of Things (IoT) in organization’s public internet facing profiles.

This report attempts to understand the theory and practice of web application security in organizations worldwide.

A review of web application vulnerabilities as seen through Acuentix’s web scans between March 2019 and February 2020.

This quarterly threat report offers insight into the DDoS attacks that occurred in the 2nd quarter of 2019.

A deep dive into the state of deploying the latest TLS version (v1.2) and the use of this signal for correlating with broader public-facing risk surfaces and characteristics of firms.

The inaugural threat report from the AWS Shield managed security service. Primarily covers volumetric statistics seen on the AWS Shield platform.

Overview of deployment of TLS encryption in the general internet and Alex Top 1000 sites.

This report from Bromium offers insights into notable threats and events from 2019.

To shine a light on the availability of SSL/TLS certificates on the dark web, the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program, sponsored by Venafi. This report details the preliminary findings of the research and outlines the volume of SSL/TLS certificates for sale on the dark web, including information on how they are packaged and sold to attackers. These certificates can be used to eavesdrop on sensitive communications, spoof websites, trick consumers and steal data. The long-term goal of this research is to gain a more thorough understanding of the role SSL/TLS certificates play in the economy of the dark web as well as how they are being used by attackers.

The problem that occurs when applications deserialize data from untrusted sources is one of the most widespread security vulnerabilities to occur over the last couple years. This article will provide background on the deserialization vulnerability, describe the limitations of the existing mitigation techniques and explain why Waratek’s Compiler Based solution is ideal in solving this problem.

Using information from Rapid7’s Project Sonar internet telemetry service, this report reviews several dimensions of demonstrated security controls for companies in the S&P 200 and ASX (Australian) stock indices.

From this one page report, “Healthcare organizations possess some of the most valuable information exchanged on the black market, including social security numbers, patient records, financial information and intellectual property. To help you understand the common attack types and trends facing the healthcare industry, we’ve compiled the following observations based on real data from across our client base.”

In mid-July, Palo Alto Networks Unit 42 identified a small targeted phishing campaign aimed at a government organization. While tracking the activities of this campaign, we identified a repository of additional malware, including a web server that was used to host the payloads used for both this attack as well as others. We’ll discuss how we discovered it, as well as possible attribution towards the individual behind these attacks.

This report provides new intelligence by the NCSC on two tools used by the Turla group to target the UK. It contains IOCs and signatures for detection by network defenders.