Application Protection Research Series

We focus on applications because your adversaries focus on applications.

Applications have become the focal point of the Internet, the workhorses behind organizations of all types. Attackers have figured this out, and they target applications more than anything else (besides people). This research series ties together trends and data from a number of perspectives to give an overall picture of the application security threat landscape.

INTRO EPISODE
2019 Application Protection Series

Why Application Security?

Find out why we care so much about application security, how applications have grown into the weird beasts that they are today, and how our work fits into the bigger picture of securing and running an application.

EPISODE 4
2019 Application Protection Series

2018 Access Attack Trends

The tactic that featured most prominently in U.S. data breaches in 2018 was access attacks, such as phishing or credential stuffing. We identified the patterns, noted how access attacks have changed, and provided some tips on how to prevent them.

EPISODE 3
2019 Application Protection Series

Web Injection Attacks Get Meaner

One of the tactics that accounted for a big chunk of U.S. data breaches in 2018 was injection. Even though injection has been around for a long time, new trends in web architecture made it particularly effective in 2018.

EPISODE 2
2019 Application Protection Series

2018 Breach Trends

We analyzed more than 700 U.S. data breach reports to understand what kinds of attacks were succeeding. We found two tactics that were responsible for most of the successes, and that there were patterns between organizations’ business models and how they got hacked.

EPISODE 1
2019 Application Protection Series

PHP Reconnaissance

As we reviewed untargeted reconnaissance traffic for 2018, one pattern stuck out so much that we had to report on it before anything else. It turned out that 37% of all the honeypot traffic we caught came from just two North American IPs seeking old PHP vulnerabilities.


See the Lifecycle of the 4 Major Attack Types:

Click through the animations below to understand how different attacks unfold.
 

Related Content

Read additional content here from our 2018 Report
July 25, 2018
July 16, 2019
December 04, 2018
November 06, 2018
October 18, 2018
October 11, 2018
August 03, 2018
June 05, 2018
May 02, 2018
April 26, 2018
April 10, 2018