The DAST-first mindset: A CISO’s perspective

The level of accuracy and automation of modern DAST platforms allows security leaders to make an outside-in approach the foundation of risk-based application security. Welcome to CISO’s Corner, and le...

Meet the future of AppSec: DAST-first application security

Being DAST-first means starting application security with validated, real-world testing that prioritizes actual exploitable risks. Invicti’s DAST-first platform leads the way towards integrating all A...

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summa...

Top 10 dynamic application security testing (DAST) tools for 2025

This guide explores the top 10 DAST tools for 2025, highlighting enterprise-grade solutions as well as open-source options. Learn how these tools help detect vulnerabilities, integrate with DevSecOps,...

Missing X-Frame-Options header? You should be using CSP anyway

When clickjacking attacks using iframes first became possible, browser vendors reacted by adding <code>X-Frame-Options</code> as a dedicated security header for controlling page embedding permissions....

First tokens: The Achilles’ heel of LLMs

The Assistant Prefill feature available in many LLMs can leave models vulnerable to safety alignment bypasses (aka jailbreaking). This article builds on prior research to investigate the practical asp...

Missing HTTP security headers: Avoidable risk, easy fix

Missing HTTP security headers can leave websites and applications exposed to a variety of attacks. If the browser fails to enforce security measures due to missing security headers, apps can be far mo...

DAST vs. penetration testing: Key similarities and differences

Automated vulnerability scanning with DAST tools and manual penetration testing are two distinct approaches to application security testing. Though the two are closely related and sometimes overlap, t...

What is vulnerability scanning and how do web vulnerability scanners work?

Vulnerability scanning is a fundamental cybersecurity practice for automating security testing. Especially in application security, it’s crucial to have a good vulnerability scanner that can automatic...

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Security vulnerabilities are often misunderstood and underestimated. Based on superficial application security knowledge, you might say that cross-site scripting is people putting script tags in form...

How to scan for MongoDB injection vulnerabilities – and how to fix them

Thu, 15 Dec 2022

NoSQL injection attacks against MongoDB databases are a major threat to full-stack JavaScript applications. Invicti security engineer Özgür Dinç shows how to find MongoDB injection vulnerabilities with Invicti’s vulnerability scanner – and how to fix them.

How Can I Expand the Forced Browsing Attack List?

Tue, 23 May 2017

How Can I See the HTTP Requests and Responses of a Scan?

Tue, 23 May 2017

This FAQ explains how you can use Fiddler to see the HTTP requests and responses of a web vulnerability scan with the Netsparker web application security scanner.

Can I Upgrade from Netsparker Standard to Professional?

Tue, 23 May 2017

This FAQ explains how the upgrade procedure from Netsparker Standard to Netsparker Professional edition work.

How to Exclude Parts of Your Website from a Web Vulnerability Scan

Tue, 23 May 2017

This FAQ lists down all the different methods you can use when configuring Netsparker web application security scanner to exclude certain parts of your website from the vulnerability scan.

Exclude (and Include) Links from the Sitemap After Crawling

Tue, 23 May 2017

This FAQ explains how you can exclude links from a web vulnerability scan during the scan, after they have been crawled.

How to Scan a Website with Netsparker Desktop via a SOCKS Proxy

Tue, 23 May 2017

This document explains how to scan a website for vulnerabilities with Netsparker Desktop web application security scanner via a SOCKS proxy.

Send Web Security Resports via Email Upon Scheduled Scan Completion

Tue, 23 May 2017

This Netsparker Desktop FAQ explains what you need to do to receive the scan results of a scheduled web application security scan as an email attachment.

Can I Use My Company Logo in the Web Security Reports?

Tue, 23 May 2017

Refer to this frequently asked question (FAQ) if you would like to change the looks and the logo used in the web application security scan reports generated by Netsparker Desktop web vulnerability scanner.

Optimize Netsparker Scan Policies for Quicker and More Efficient Web Application Security Scans

Tue, 23 May 2017

This article explains how you can optimize the scan policies in Netsparker Web Application Security Scanner for quicker and more efficient automated web security scans.

Integrating Netsparker in Your Vulnerability Management Solution

Tue, 23 May 2017

Many security professionals use vulnerability management solutions to centralize all the reports generated by automated security tools, hence allowing them to get a better overview of the security state of every component in the IT infrastructure. Netsparker web security scan results can be imported in a number of vulnerability management solutions as explained in this article.

How to Configure URL Rewrite Rules in Netsparker

Tue, 23 May 2017

This article explains how to easily configure URL Rewrite Rules in Netsparker Web Application Security Scanner to scan websites and web applications which have URL Rewrite Technology enabled. By specifying URL Rewrite Rules you can scan the parameters in the URL.

Netsparker Scan Policies Feature Highlight Video

Tue, 23 May 2017

Scan policies in Netsparker allow you to save a specific Netsparker configuration setup so you do not have to configure the scanner each time you scan a different web application, thus saving a lot of time and improving your productivity. By using Scan Policies you can also specify which type of vulnerability checks should be launched during an automated web vulnerability scan.