Video Library

Video Library

We release great videos, from demos to bite-size pieces about everything from AppSec tooling, common misconceptions, OWASP Top 10 demos, API security best practices and more.

We release great videos, from demos to bite-size pieces about everything from AppSec tooling, common misconceptions, OWASP Top 10 demos, API security best practices and more.

START FOR FREE
REQUEST A DEMO
Start For Free
Request A Demo

Our Watchlist

Our Watchlist

How to protect your software supply chain

Your supply chain is everything that impacts what you end up running in production, which is your code, all your dependencies, and their dependencies, stuff that comes with base images for your containers, AMIs or other machine images, etc, and 3rd-party tools and libraries that you use in the pipeline.

Changes in any of the above, malicious or otherwise, can change what you’re running in production. What are the risks to that?

Supply chain attacks that compromise your application’s data or availability through changes in the application, and bugs, vandalism or acts of protest.

Three things you can do to improve your resilience to supply chain threats are: visibility – know what your dependencies are, making sure you have a process to detect new vulnerabilities in your deployed application and in new deployments, and considering to minimize your supply chain.

How to protect your software supply chain

Your supply chain is everything that impacts what you end up running in production, which is your code, all your dependencies, and their dependencies, stuff that comes with base images for your containers, AMIs or other machine images, etc, and 3rd-party tools and libraries that you use in the pipeline.

Changes in any of the above, malicious or otherwise, can change what you’re running in production. What are the risks to that?

Supply chain attacks that compromise your application’s data or availability through changes in the application, and bugs, vandalism or acts of protest.

Three things you can do to improve your resilience to supply chain threats are: visibility – know what your dependencies are, making sure you have a process to detect new vulnerabilities in your deployed application and in new deployments, and considering to minimize your supply chain.

What’s the deal with our one line of code?

Yes, we mention that our solution takes one line of code to implement everywhere. Why is it important and what do you get in that one line of code? Our chairman Hillel Solow explains.

What’s the deal with our one line of code?

Yes, we mention that our solution takes one line of code to implement everywhere. Why is it important and what do you get in that one line of code? Our chairman Hillel Solow explains.

What is web application security

Yes, cloud adoption and APIs are almost buzzwords nowadays. But these technologies truly changed the game when it comes to the way apps are developed, but also the way they are (or should be) secured.

Attackers capitalize on the distributed nature of cloud-native applications and use things like injection attacks (SQL, Command, Code) to exploit common vulnerabilities that stem from that distributed, cloud-native nature of our apps.

When it comes to securing web applications in today’s world, sticking a WAF is not good enough. In fact, any security solution is not good enough if you don’t build a solid security culture across your teams (dev and sec).

What is web application security

Yes, cloud adoption and APIs are almost buzzwords nowadays. But these technologies truly changed the game when it comes to the way apps are developed, but also the way they are (or should be) secured.

Attackers capitalize on the distributed nature of cloud-native applications and use things like injection attacks (SQL, Command, Code) to exploit common vulnerabilities that stem from that distributed, cloud-native nature of our apps.

When it comes to securing web applications in today’s world, sticking a WAF is not good enough. In fact, any security solution is not good enough if you don’t build a solid security culture across your teams (dev and sec).

What is RASP (Runtime Application Self Protection)

What is Runtime Application Self Protection (RASP)? How is it different than WAF? Which is better?

What is RASP (Runtime Application Self Protection)

What is Runtime Application Self Protection (RASP)? How is it different than WAF? Which is better? 

Why should developers care about security

I’m a developer, why should I care about security?

Hillel Solow explains why caring about your app’s security is equally as important as caring about its performance.

Why should developers care about security

I’m a developer, why should I care about security?

Hillel Solow explains why caring about your app’s security is equally as important as caring about its performance.

Why web application & API security go hand in hand

Why web application security and API security go hand in hand?

Traditional #AppSec solutions were designed to protect web applications from the outside. Those web applications mostly delivered JavaScript, HTML, CSS and other dynamic content to web clients.

Nowadays, applications are also delivering APIs. This could be because it is a single page application that uses APIs to consume its dynamic content, or an application that is no longer truly a web application but rather a mobile application that uses APIs in the backend.

Our application servers are handing out data to both of these kind of applications at the same time, and having a security solution that understands what are web applications and what are API applications, and their respective threats, is crucial.

Why web application & API security go hand in hand

Why web application security and API security go hand in hand?

Traditional #AppSec solutions were designed to protect web applications from the outside. Those web applications mostly delivered JavaScript, HTML, CSS and other dynamic content to web clients.

Nowadays, applications are also delivering APIs. This could be because it is a single page application that uses APIs to consume its dynamic content, or an application that is no longer truly a web application but rather a mobile application that uses APIs in the backend.

Our application servers are handing out data to both of these kind of applications at the same time, and having a security solution that understands what are web applications and what are API applications, and their respective threats, is crucial.

What is NoSQL Injection (Demo)

NoSQL databases are an alternative to databases that use SQL. Instead of storing data in tables, these databases store data in objects called documents, which are organized into collections. There is no standard query language for NoSQL databases, hence the name. Instead, each NoSQL platform uses its syntax and protocol.

What is NoSQL Injection (Demo)

NoSQL databases are an alternative to databases that use SQL. Instead of storing data in tables, these databases store data in objects called documents, which are organized into collections. There is no standard query language for NoSQL databases, hence the name. Instead, each NoSQL platform uses its syntax and protocol.

What is SQL injection (Demo)

SQL Injection (SQLi) is a web security vulnerability that allows a malicious actor to inject malicious SQL statements in the queries an application makes to its database. It permits unauthorized entities to view data to which they should not have access, like other users’ information or any other data that the application can access. An attacker can modify or delete the data, forcing constant changes to the application’s content or behavior. SQL Injection can also lead to additional damages, such as compromising the underlying server or back-end infrastructure.

What is SQL injection (Demo)

SQL Injection (SQLi) is a web security vulnerability that allows a malicious actor to inject malicious SQL statements in the queries an application makes to its database. It permits unauthorized entities to view data to which they should not have access, like other users’ information or any other data that the application can access. An attacker can modify or delete the data, forcing constant changes to the application’s content or behavior. SQL Injection can also lead to additional damages, such as compromising the underlying server or back-end infrastructure.

What is distributed web application security

Modern apps can be built from hundreds of microservices, interact with hundreds of APIs and are always cloud-native. So how do you secure them? Hillel Solow explains what are distributed apps and how ProtectOnce secured them.

What is distributed web application security

Modern apps can be built from hundreds of microservices, interact with hundreds of APIs and are always cloud-native. So how do you secure them? Hillel Solow explains what are distributed apps and how ProtectOnce secured them.

Why you need to shift runtime security left

We’ve become so enamored with shifting things left, that some people are starting to put runtime security aside and focus entirely on things that can be done in the pipeline or earlier. Ignoring runtime security is a problem because in reality, even with a tightly controlled DevSecOps process, bad things are possible.

Why you need to shift runtime security left

We’ve become so enamored with shifting things left, that some people are starting to put runtime security aside and focus entirely on things that can be done in the pipeline or earlier. Ignoring runtime security is a problem because in reality, even with a tightly controlled DevSecOps process, bad things are possible.

3 misconceptions about web application security

There are many misconceptions when it comes to AppSec or web application security. In this video Hillel Solow, CSO at ProtectOnce, covers the top 3 misconceptions and explains why you should reconsider these when you dealing with protecting your web applications and APIs.

3 misconceptions about web application security

There are many misconceptions when it comes to AppSec or web application security. In this video Hillel Solow, CSO at ProtectOnce, covers the top 3 misconceptions and explains why you should reconsider these when you dealing with protecting your web applications and APIs.

What is code injection?

An unwritten rule when developing applications is to treat all data as untrusted data. Code injection is a method that a malicious actor uses to inject malicious code which takes advantage of a validation flaw in the software. Since the application cannot detect the malicious code from its own code, the attacker gains access to restricted information of the application.

What is code injection?

An unwritten rule when developing applications is to treat all data as untrusted data. Code injection is a method that a malicious actor uses to inject malicious code which takes advantage of a validation flaw in the software. Since the application cannot detect the malicious code from its own code, the attacker gains access to restricted information of the application.

Ready to protect
your apps?

Start For Free
Request A Demo

AppSec Academy for Developers

Ready to protect
your apps?

Start For Free
Request A Demo