<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"><channel><title>Peakhour.IO - Application Security</title><link>https://www.peakhour.io/</link><description></description><lastBuildDate>Wed, 23 Jul 2025 13:00:00 +1000</lastBuildDate><item><title>Protecting Against a Share Point Zero Day Vulnerability with Network Fingerprinting</title><link>https://www.peakhour.io/blog/protecting-against-share-point-zero-day/</link><description>&lt;p&gt;Analysis of attempts to exploit a recent Share Point zero day vulnerability reveal network fingerprinting and classification is a robust defense.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 23 Jul 2025 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-07-23:/blog/protecting-against-share-point-zero-day/</guid><category>Security</category><category>Threat Detection</category><category>Credential Stuffing</category><category>Account Protection</category><category>DevSecOps</category><category>DDoS</category><category>Application Security</category></item><item><title>How AI Agents Are Writing Custom Exploits</title><link>https://www.peakhour.io/blog/ai-agents-custom-exploits/</link><description>&lt;p&gt;AI agents with reasoning capabilities like DeepSeek are revolutionizing exploit development, marking the end of traditional security approaches based on static rules and patterns.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 17 Feb 2025 14:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-02-17:/blog/ai-agents-custom-exploits/</guid><category>Security</category><category>Application Security</category><category>Threat Detection</category><category>DevSecOps</category><category>Bot Management</category><category>API Security</category><category>DDoS</category></item><item><title>Data-Driven Risk Management</title><link>https://www.peakhour.io/blog/data-driven-risk-management-contextual-security/</link><description>&lt;p&gt;How Peakhour's contextual security aligns with Visa's data-driven risk management approach in the 2025-2028 Security Roadmap.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 07 Feb 2025 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-02-07:/blog/data-driven-risk-management-contextual-security/</guid><category>Account Protection</category><category>Account Protection</category><category>Application Security</category><category>Credential Stuffing</category><category>API Security</category><category>Threat Detection</category><category>PCI DSS</category></item><item><title>Visa's Security Roadmap 2025-2028</title><link>https://www.peakhour.io/blog/visa-security-roadmap-2025-overview/</link><description>&lt;p&gt;An analysis of Visa's Security Roadmap 2025-2028 and how Peakhour's solutions help Australian businesses meet these security objectives.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Tue, 21 Jan 2025 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-01-21:/blog/visa-security-roadmap-2025-overview/</guid><category>Fraud</category><category>PCI DSS</category><category>Account Protection</category><category>Credential Stuffing</category><category>Fraud Prevention</category><category>Magento</category><category>Application Security</category></item><item><title>Anti-Detect Browsers</title><link>https://www.peakhour.io/blog/anti-detect-browsers-application-security-threat/</link><description>&lt;p&gt;Anti-detect browsers represent one of the most sophisticated threats facing modern web applications and APIs. Learn how these tools work, why they pose a significant threat to application security, and how modern security platforms can detect and mitigate their use.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 15 Jan 2025 10:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2025-01-15:/blog/anti-detect-browsers-application-security-threat/</guid><category>Bots</category><category>Bot Management</category><category>Threat Detection</category><category>Application Security</category><category>Browser Fingerprinting</category><category>Fingerprinting</category><category>DevSecOps</category></item><item><title>Next-Generation Application Security Defence Strategies</title><link>https://www.peakhour.io/blog/ai-powered-cyber-threats-application-security-defence/</link><description>&lt;p&gt;Comprehensive analysis of AI-powered cyber threats and how modern application security platforms defend against machine learning-driven attacks. Learn advanced defence strategies for the AI cybersecurity arms race.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 15 Nov 2024 14:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-11-15:/blog/ai-powered-cyber-threats-application-security-defence/</guid><category>Security</category><category>Threat Detection</category><category>Machine Learning</category><category>DevSecOps</category><category>Bot Management</category><category>DDoS</category><category>Application Security</category></item><item><title>Managing Bots For Application Security</title><link>https://www.peakhour.io/blog/enterprise-bot-management-application-security/</link><description>&lt;p&gt;Comprehensive guide to enterprise bot management for modern application security platforms. Learn how to protect applications and APIs from sophisticated bot threats including anti-detect browsers, credential stuffing, and automated attacks targeting DevOps environments.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Sun, 15 Sep 2024 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-09-15:/blog/enterprise-bot-management-application-security/</guid><category>Bots</category><category>Bot Management</category><category>API Security</category><category>Credential Stuffing</category><category>Account Protection</category><category>DevSecOps</category><category>Application Security</category></item><item><title>Application Security for Financial Services Under CPS 234</title><link>https://www.peakhour.io/blog/credential-stuffing-defence-cps-234-compliance/</link><description>&lt;p&gt;Comprehensive analysis of credential stuffing threats against Australian financial institutions and how application security platforms help meet CPS 234 disclosure requirements whilst preventing account takeover attacks.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Mon, 29 Jul 2024 10:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-07-29:/blog/credential-stuffing-defence-cps-234-compliance/</guid><category>Account Protection</category><category>Account Protection</category><category>Credential Stuffing</category><category>Fraud Prevention</category><category>Application Security</category><category>DevSecOps</category><category>PCI DSS</category></item><item><title>Account Protection and User Experience in Web Applications</title><link>https://www.peakhour.io/blog/frictionless-customer-experiences/</link><description>&lt;p&gt;Explore strategies to enhance web application security without compromising user experience, focusing on contextual security and adaptive authentication measures.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 17 Jul 2024 10:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-07-17:/blog/frictionless-customer-experiences/</guid><category>Account Protection</category><category>Account Protection</category><category>Credential Stuffing</category><category>Application Security</category><category>Fraud Prevention</category><category>API Security</category><category>Magento</category></item><item><title>Addressing Key Cloud Security Categories</title><link>https://www.peakhour.io/blog/peakhour-cloud-security-post-wiz/</link><description>&lt;p&gt;An analysis of Peakhour's role in addressing key cloud security categories identified in recent industry analysis, demonstrating its comprehensive approach to modern cloud security challenges.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Wed, 01 May 2024 10:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-05-01:/blog/peakhour-cloud-security-post-wiz/</guid><category>Security</category><category>API Security</category><category>Threat Detection</category><category>Account Protection</category><category>DevSecOps</category><category>Application Security</category><category>CDN</category></item><item><title>Managing Breached Credential Usage</title><link>https://www.peakhour.io/blog/breached-credentials-protection-application-security-platform/</link><description>&lt;p&gt;How breached credential checks and risk signals help detect credential stuffing without adding unnecessary login friction.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 15 Mar 2024 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2024-03-15:/blog/breached-credentials-protection-application-security-platform/</guid><category>Account Protection</category><category>Credential Stuffing</category><category>Account Protection</category><category>DevSecOps</category><category>Application Security</category><category>Threat Detection</category><category>API Security</category></item><item><title>HTTP Security Headers</title><link>https://www.peakhour.io/blog/http-security-headers-web-application-protection/</link><description>&lt;p&gt;Comprehensive guide to HTTP security headers for protecting web applications from client-side attacks. Learn essential browser security configurations for modern application security platforms and DevSecOps workflows.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Tue, 28 Nov 2023 14:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-11-28:/blog/http-security-headers-web-application-protection/</guid><category>Security</category><category>Application Security</category><category>Account Protection</category><category>API Security</category><category>Credential Stuffing</category><category>Drupal</category><category>DDoS</category></item><item><title>Dive into CVSS Scores</title><link>https://www.peakhour.io/blog/confluence-cvss-vectors/</link><description>&lt;p&gt;Understand CVSS by examining the Atlassian CVE-2023-22515 and CVE-2023-22518.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 10 Nov 2023 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-11-10:/blog/confluence-cvss-vectors/</guid><category>Interest</category><category>Threat Detection</category><category>DevSecOps</category><category>Application Security</category><category>Anomaly Detection</category><category>Credential Stuffing</category><category>Core Web Vitals</category></item><item><title>A Risk Based Approach To Vulnerability Scoring</title><link>https://www.peakhour.io/blog/epss-explained/</link><description>&lt;p&gt;An in-depth exploration of EPSS, its data-driven approach to assessing cybersecurity threats, and how it complements CVSS.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 10 Nov 2023 00:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-11-10:/blog/epss-explained/</guid><category>Interest</category><category>Threat Detection</category><category>Application Security</category><category>DevSecOps</category><category>Anomaly Detection</category><category>DDoS</category><category>Credential Stuffing</category></item><item><title>ModSecurity’s End-of-Life</title><link>https://www.peakhour.io/blog/modsecurity-eol-modern-application-security-platforms/</link><description>&lt;p&gt;ModSecurity's end-of-life marks a pivotal moment in application security evolution. Discover how modern Application Security Platforms are advancing beyond traditional WAF approaches to provide comprehensive protection for web applications and APIs at the edge.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 16 Oct 2023 13:00:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-10-16:/blog/modsecurity-eol-modern-application-security-platforms/</guid><category>Security</category><category>Application Security</category><category>DevSecOps</category><category>API Security</category><category>DDoS</category><category>Threat Detection</category><category>SOC 2</category></item><item><title>APRA Cybersecurity Guidelines</title><link>https://www.peakhour.io/blog/apra-cybersecurity-application-security-financial-services/</link><description>&lt;p&gt;Comprehensive guide to APRA cybersecurity requirements for Australian financial institutions. Learn how application security platforms help meet CPS 234 compliance and Information Security Manual guidelines for protecting financial services infrastructure.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Thu, 12 Oct 2023 12:31:00 +1100</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-10-12:/blog/apra-cybersecurity-application-security-financial-services/</guid><category>Financial Services Security</category><category>Compliance</category><category>Account Protection</category><category>Application Security</category><category>Threat Detection</category><category>GDPR</category><category>PCI DSS</category></item><item><title>The Rise of OpenBullet</title><link>https://www.peakhour.io/blog/the-rise-of-openbullet/</link><description>&lt;p&gt;A comprehensive look at OpenBullet, its capabilities, and the implications for cybersecurity in the face of its misuse.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Fri, 01 Sep 2023 14:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-09-01:/blog/the-rise-of-openbullet/</guid><category>Security</category><category>Bot Management</category><category>Application Security</category><category>DevSecOps</category><category>Account Protection</category><category>Credential Stuffing</category><category>Threat Detection</category></item><item><title>Headless Commerce Security</title><link>https://www.peakhour.io/blog/headless-commerce-security-api-protection/</link><description>&lt;p&gt;Comprehensive analysis of security challenges in headless commerce and Single Page Applications. Learn how to protect modern e-commerce APIs and microservices architectures from scraping, fraud, and automated attacks.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Wed, 28 Jun 2023 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-06-28:/blog/headless-commerce-security-api-protection/</guid><category>Security</category><category>API Security</category><category>Magento</category><category>Account Protection</category><category>Drupal</category><category>Application Security</category><category>Bot Management</category></item><item><title>Enterprise DDoS Protection</title><link>https://www.peakhour.io/blog/enterprise-ddos-protection-microsoft-365-application-security/</link><description>&lt;p&gt;Analysis of the Microsoft 365 DDoS attack by Storm-1359 reveals critical lessons for enterprise application security platforms. Learn advanced Layer 7 DDoS protection strategies and rate limiting techniques for modern applications.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 19 Jun 2023 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-06-19:/blog/enterprise-ddos-protection-microsoft-365-application-security/</guid><category>DDoS</category><category>DDoS</category><category>Threat Detection</category><category>Rate Limiting</category><category>Application Security</category><category>Account Protection</category><category>API Security</category></item><item><title>Advanced Anomaly Detection</title><link>https://www.peakhour.io/blog/advanced-anomaly-detection-rrcf-application-security/</link><description>&lt;p&gt;Deep dive into Robust Random Cut Forest (RRCF) implementation for real-time anomaly detection in Application Security Platforms. Learn how advanced machine learning algorithms enhance threat detection and automated response capabilities.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 15 May 2023 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2023-05-15:/blog/advanced-anomaly-detection-rrcf-application-security/</guid><category>Security</category><category>Threat Detection</category><category>Anomaly Detection</category><category>DDoS</category><category>DevSecOps</category><category>Bot Management</category><category>Application Security</category></item><item><title>CVE-2022-26134</title><link>https://www.peakhour.io/blog/cve202226134-atlassian-confluence/</link><description>&lt;p&gt;Peakhour clients are protected against CVF-2022-26134 Atlassian Confluence RCE&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Thu, 02 Jun 2022 00:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2022-06-02:/blog/cve202226134-atlassian-confluence/</guid><category>Security</category><category>API Security</category><category>DDoS</category><category>Rate Limiting</category><category>Application Security</category><category>Credential Stuffing</category><category>Features</category></item><item><title>Intelligent Rate Limiting</title><link>https://www.peakhour.io/blog/rate-limiting/</link><description>&lt;p&gt;Comprehensive guide to intelligent rate limiting for modern application security platforms. Learn how sophisticated rate limiting protects APIs and web applications from abuse, DDoS attacks, and automated threats whilst maintaining optimal user experience.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 16 May 2022 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2022-05-16:/blog/rate-limiting/</guid><category>DDoS</category><category>Rate Limiting</category><category>DDoS</category><category>API Security</category><category>Bot Management</category><category>Application Security</category><category>Threat Detection</category></item><item><title>Rate limiting</title><link>https://www.peakhour.io/blog/rate-limiting-how-it-works/</link><description>&lt;p&gt;How can rate limiting protect your web application and the key items to consider when enabling.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">AC</dc:creator><pubDate>Mon, 16 May 2022 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2022-05-16:/blog/rate-limiting-how-it-works/</guid><category>DDoS</category><category>Rate Limiting</category><category>API Security</category><category>DDoS</category><category>Application Security</category><category>Web Performance</category><category>Bot Management</category></item><item><title>Application Performance Optimisation</title><link>https://www.peakhour.io/blog/introduction-to-website-performance-testing/</link><description>&lt;p&gt;A practical primer for finding where website requests lose time, from cache state and origin work to browser rendering.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Sat, 12 Sep 2020 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2020-09-12:/blog/introduction-to-website-performance-testing/</guid><category>Performance</category><category>Application Security</category><category>DevSecOps</category><category>Drupal</category><category>DDoS</category><category>Threat Detection</category><category>Rate Limiting</category></item><item><title>WordPress Performance Optimisation</title><link>https://www.peakhour.io/blog/wordpress-performance-optimisation-security-cdn/</link><description>&lt;p&gt;How to speed up WordPress by separating public cacheable pages from private, expensive, and abused request paths.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dan</dc:creator><pubDate>Mon, 27 May 2019 13:00:00 +1000</pubDate><guid isPermaLink="false">tag:www.peakhour.io,2019-05-27:/blog/wordpress-performance-optimisation-security-cdn/</guid><category>Performance</category><category>WordPress</category><category>Drupal</category><category>Core Web Vitals</category><category>Rate Limiting</category><category>Web Performance</category><category>Application Security</category></item></channel></rss>