In many cases, passwords are the primary line of defense protecting user accounts from being hijacked in an ATO attack. With the right policies and parameters in place to ensure strong, unique passwords, this defense can be quite effective. According to a 2019 survey by Google, a staggering 65% of [...]
A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).
Pen testing can involve the attempted breaching of any number of application systems (e.g., application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.
Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected vulnerabilities.