About the Author

Agentic pentesting: A guide for modern application security

NIS2 compliance and application security: What security leaders need to know

Amazon’s AI coding troubles point to an industry-wide control problem

What is session hijacking? How session hijacking attacks work and how to prevent them

Vibe-coded app security: How to secure AI-generated applications at scale

AI won’t kill AppSec – it will clarify what matters most

Latio 2026 report: AppSec buyers are moving to platforms and demanding real outcomes

Black-box testing: External security testing explained

Best application security tools in 2026: A platform-first guide

SOCI Act explained: Compliance rules and requirements

Best tools for JavaScript and Node.js security

Cyber Resilience Act (CRA) compliance checklist

Injection attacks in application security: Types, examples, prevention

What is risk-based vulnerability management (RBVM)?

PCI Data Security Standard compliance and requirements for applications

Vibe coding security checklist

What is the best vulnerability scanner for microservices?

How can enterprises prioritize vulnerabilities at scale?

What vulnerability scanner confirms actual exploitability?

How do CISOs use ASPM for security reporting?

Supply chain risks in AI-driven applications: Securing AI integrations and dependencies

Best enterprise DAST tools for regulated industries

SAST-DAST integration: How combining the two shows you what is truly actionable

Application security checklist: Essential steps for secure development

DORA compliance checklist: How to prepare for the Digital Operational Resilience Act

DORA vs. NIS2: What’s the difference and where do they overlap?

React2Shell (CVE-2025-55182): Critical RCE vulnerability in React Server Components and Next.js

Second wave of Shai-Hulud npm worm compromises the global software supply chain

OWASP Top 10 update for 2025: Two decades of AppSec

How to fix Content Security Policy (CSP) Header Not Set errors to prevent XSS vulnerabilities

Broken object-level authorization (BOLA) API vulnerability explained

AI and the expanding application attack surface

The EU AI Act meets application security: What enterprises need to do

Shadow APIs: The hidden threat to application security

How DAST supports compliance with PCI DSS, ISO 27001, HIPAA, and SOC 2

API scanning and security testing: The core of modern application security

Red Hat Consulting GitLab breach raises concerns over customer data exposure

API pen testing vs. continuous scanning: Key differences & benefits

Stateful API scanning: Why context matters for API security

Automated API vulnerability scanning: Security and compliance benefits

API vulnerability scanning: Tests to run first

Shadow AI: The hidden risk inside your enterprise (and how to manage it)

Web LLM attacks: Securing AI-powered applications

Sensorless (agentless) API discovery explained

API discovery and visibility: The foundations of modern application security

OWASP Top 10 risks for LLMs (2025 update)

Generative AI and cybersecurity in 2026: Risks, opportunities, and what leaders must do

Top 10 ASPM tools for 2026

Smarter, not flashier: How AI enhances DAST on the Invicti Platform

ASPM vendors: Things to look for in an ASPM solution

How to prevent SQL injection vulnerabilities in PHP applications

What’s the difference between ASPM and DAST, SAST, or SCA?

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Guide to cryptographic failures: A 2025 OWASP Top 10 threat

SQL injection prevention cheat sheet

Preventing cross-site scripting (XSS) in Java applications

Is React vulnerable to XSS?

What your vulnerability scanner won’t find: Limitations of automated testing

What is the root cause of SQL injection?

What is the best vulnerability scanning tool?

Top 10 dynamic application security testing (DAST) tools for 2026

Components of dynamic application security testing

Missing X-Frame-Options header? You should be using CSP anyway

Content Security Policy (CSP): Directives, examples, fixes

Missing HTTP security headers: Avoidable risk, easy fix

DAST vs. penetration testing: Key similarities and differences

DAST vs. SAST: Getting real on static and dynamic application security testing

Is DAST only for web applications? A fact-check on vulnerability scanning

What is vulnerability scanning and how do web vulnerability scanners work?

The role of an API scanner in API security

3 types of vulnerability scanners that matter for application security

What is API Security? A comprehensive guide to API security

How to prevent CSRF attacks by using anti-CSRF tokens

How to Select a DAST Scanner: DAST Solutions and Tools

CWE Top 25 for 2024: XSS, SQLi, buffer overflows top the list

How to prevent SQL injection

How the BEAST attack works: Reading encrypted data without decryption

Doubling down on components: SCA and Container Security on the Invicti platform

3 AppSec headaches you can cure with Predictive Risk Scoring

Insecure deserialization in web applications

Debunking the top 5 myths about DAST

The Helix Files: Choose Your Own Adventure

HTTP security headers: An easy way to harden your web applications

The OWASP API Security Top 10 demystified

What’s the big deal with post-quantum cryptography?

How the DORA framework mandates application security testing (and many other things)

A voyage of discovery: Talking APIs with Frank Catucci and Dan Murphy

XSS filter evasion: Why filtering doesn’t stop cross-site scripting

XSS filter evasion: Why filtering doesn’t stop cross-site scripting

Polyfill supply chain attack: What to do when your CDN goes evil

How to prevent XSS attacks

What the OWASP Top 10 for LLM applications tells us about generative AI security

Making sense of AppSec vs. DevSecOps

Why Predictive Risk Scoring is the smart way to do AI in application security

How to choose the right application security tools

What is DevSecOps and how is it evolving?

How you can disable directory listing on your web server—and why you should

NIST CSF 2.0: The world’s favorite cybersecurity framework comes of age

The xz-utils backdoor: The supply chain RCE that got caught

Why DAST makes the perfect security posture gauge

Latio 2026 Application Security Market Report recognizes Invicti as a leader and innovator

Looking ahead to AFCEA WEST 2024: Building out the 7 pillars of Zero Trust

Picking up a clear signal at OWASP 2023 Global AppSec Dublin

Netsparker’s 2019: The Year in Review

Incorporating business logic to get the best out of DAST

How Invicti can help with AppSec compliance

Vulnerability scanning with PAM in zero trust environments

Invicti adds IAST support for Node.js

Hunting down vulnerabilities with Invicti’s DAST+IAST approach

Know Your Web Application Risks with Invicti’s Kenna Integration

4 Benefits of Using Invicti’s Knowledge Base Feature

How Invicti finds vulnerabilities