The first five months of 2026 have produced a series of significant GraphQL security incidents that offer important lessons for anyone running a GraphQL API. These are not theoretical attacks — they …
If you’ve been in web security for more than a year, you’ve heard of WAFs — Web Application Firewalls. But in 2026, WAF alone isn’t enough. Enter WAAP: Web Application and API …
The OWASP Global Conference 2026, held in Lisbon earlier this month, delivered significant new guidance and research on web application and API protection. With over 3,000 attendees and 150 sessions, …
As the first quarter of 2026 closes, it’s time to take stock of the attack landscape. The data from January through March reveals several significant shifts in how web applications and APIs are …
The first two months of 2026 have already produced enough CVE data to identify clear trends in web application vulnerabilities. As of late February, 847 CVEs affecting web applications have been …
DDoS attacks have undergone a dramatic evolution in the past twelve months. While volumetric floods continue to grow in size, the most concerning development is the sophistication of application-layer …
The OWASP API Security Project released its latest Top 10 list this month, and the changes reflect how the API threat landscape has evolved over the past two years. While some entries remain from …
January is the traditional kickoff for CVE season, and 2026 is shaping up to be the most active year yet for web application vulnerabilities. As security teams return from the holidays, the first …