Web アプリケーション/API セキュリティ

A WAF is a specialized security solution that shields a web application from the internet, safeguarding the server by detecting and blocking malicious HTTP and HTTPS traffic to and from a web service.

A Distributed Denial of Service (DDoS) attack is a malicious attempt to impact the availability of a targeted system. The attacker uses multiple compromised sources to produce a volumetric attack.

Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy, and data integrity for communications over the internet.

API security involves the measures taken to protect APIs from unauthorized access, misuse, and attacks. Because APIs are commonly used and enable access to sensitive software functions and data, they are an increasingly desired target for attackers

Web application security is the process of protecting websites and web-based applications from security vulnerabilities and attacks, ensuring that the application is free from vulnerabilities that allow hackers to access sensitive data or disrupt the application’s functionality

An application programming interface (API) is a set of protocols that enable disparate software systems to communicate with each other regardless of their programming language or platform.

Learn how DDoS protection works and discover the proactive steps you can take to stay safe.

Managed Security Services (MSS) outsource the management and monitoring of an organization’s security to a third-party service provider, known as a Managed Security Service Provider (MSSP).

A WAAP (Web Application and API Protection) is a powerful security system built to shield web applications and APIs from a wide range of cyber threats, including injection attacks, bots, and API abuse.

Learn best practices for remaining GDPR compliant

An account takeover (ATO) is a form of identity theft that occurs when a malicious actor gains unauthorized access to a user's account by acquiring login credentials, such as usernames and passwords, through various tactics.

JWT (JSON Web Token) is a commonly used protocol for securely transmitting data as a JSON object, verified by a digital signature. It's commonly implemented for authentication, authorization, securing APIs, and enabling Single Sign-On functionality.

Standard Transport Layer Security (TLS) encryption is a security protocol used to ensure privacy and maintain data integrity during Internet communications.

AuthN confirms someone's identity when they need access to protected information. AuthZ determines the actions or resources an authenticated person can access or use.

OAuth (Open Authorization) is an open standard authorization framework that enables an application or website to securely access resources on another service without sharing a user's credentials.

A DDoS booter is a malicious tool offered as a software-as-a-service (SaaS) platform, enabling cybercriminals to amplify and intensify distributed denial-of-service (DDoS) attacks against targeted network infrastructure.

Data loss prevention is a cybersecurity practice of using specific tools and practices focused on detecting and preventing the misuse, loss or leakage of data in breaches, exfiltration, or any other form of unauthorized use.

An application-layer DDoS attack is a malicious attempt to overwhelm web applications by exploiting Layer 7 of the OSI model. It targets specific application vulnerabilities to disrupt service availability.

Zero trust is a security approach centered on enforcing the authentication, authorization, and continuous validation of all users accessing an organization’s network. It treats every user trying to connect to an organization’s network as untrusted.

The OWASP Top 10, a reference standard providing ranking of and remediation guidance for the top ten most critical web application security risks, helps developers and security practitioners better understand and navigate the threat landscape.

Learn what a CAPTCHA is and how effective they are in keeping bots out.

Discover the differeces between a DoS attack and a DDoS attack.

Learn more about HTTP host header attacks and the types of attacks to look out for.