The DAST-first mindset: A CISO’s perspective

The level of accuracy and automation of modern DAST platforms allows security leaders to make an outside-in approach the foundation of risk-based application security. Welcome to CISO’s Corner, and le...

Meet the future of AppSec: DAST-first application security

Being DAST-first means starting application security with validated, real-world testing that prioritizes actual exploitable risks. Invicti’s DAST-first platform leads the way towards integrating all A...

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summa...

Top 10 dynamic application security testing (DAST) tools for 2025

This guide explores the top 10 DAST tools for 2025, highlighting enterprise-grade solutions as well as open-source options. Learn how these tools help detect vulnerabilities, integrate with DevSecOps,...

Missing X-Frame-Options header? You should be using CSP anyway

When clickjacking attacks using iframes first became possible, browser vendors reacted by adding <code>X-Frame-Options</code> as a dedicated security header for controlling page embedding permissions....

First tokens: The Achilles’ heel of LLMs

The Assistant Prefill feature available in many LLMs can leave models vulnerable to safety alignment bypasses (aka jailbreaking). This article builds on prior research to investigate the practical asp...

Missing HTTP security headers: Avoidable risk, easy fix

Missing HTTP security headers can leave websites and applications exposed to a variety of attacks. If the browser fails to enforce security measures due to missing security headers, apps can be far mo...

DAST vs. penetration testing: Key similarities and differences

Automated vulnerability scanning with DAST tools and manual penetration testing are two distinct approaches to application security testing. Though the two are closely related and sometimes overlap, t...

What is vulnerability scanning and how do web vulnerability scanners work?

Vulnerability scanning is a fundamental cybersecurity practice for automating security testing. Especially in application security, it’s crucial to have a good vulnerability scanner that can automatic...

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Security vulnerabilities are often misunderstood and underestimated. Based on superficial application security knowledge, you might say that cross-site scripting is people putting script tags in form...

How to scan for MongoDB injection vulnerabilities – and how to fix them

Thu, 15 Dec 2022

NoSQL injection attacks against MongoDB databases are a major threat to full-stack JavaScript applications. Invicti security engineer Özgür Dinç shows how to find MongoDB injection vulnerabilities with Invicti’s vulnerability scanner – and how to fix them.

How to Configure Pingidentity Single Sign-On Integration with SAML

Thu, 24 May 2018

This article explains how to configure PingIdentity Single Sign-On (SSO) with Security Assertion Markup Language (SAML) in order to sign in to enterprise cloud applications, such as Netsparker Enterprise. An Identity Provider (IdP) provides users with unified sign-on across all cloud applications, eliminating individual user IDs and passwords.

How to Configure Okta Single Sign-On Integration with SAML

Thu, 24 May 2018

This article explains how to configure Okta Single Sign-On (SSO) with Security Assertion Markup Language (SAML) in order to sign in to enterprise cloud applications, such as Netsparker Enterprise. An Identity Provider (IdP) provides users with unified sign-on across all cloud applications, eliminating individual user IDs and passwords.

How to Configure Microsoft Active Directory Federation Services Single Sign-On Integration with SAML

Thu, 24 May 2018

This article explains how to configure Microsoft Active Directory (AD) Federation Services Integration with Security Assertion Markup Language (SAML) in order to sign in to enterprise cloud applications, such as Netsparker Enterprise. An Identity Provider (IdP) provides users with unified sign-on across all cloud applications.

How to Configure Azure Active Directory Single Sign-On Integration with SAML

Thu, 24 May 2018

This article explains how to configure Azure Active Directory Single Sign-On (SSO) with Security Assertion Markup Language (SAML) in order to sign in to enterprise cloud applications, such as Netsparker Enterprise. An Identity Provider (IdP) provides users with unified sign-on across all cloud applications, eliminating individual user IDs and passwords.

How to Configure SAML-Based Single Sign-On Integration

Thu, 24 May 2018

This article explains how to configure Single Sign-On (SSO) with Security Assertion Markup Language (SAML) in order to sign in to enterprise cloud applications, such as Netsparker Enterprise. An Identity Provider (IdP) provides users with unified sign-on across all cloud applications, eliminating individual user IDs and passwords.

How to Install and Configure the Netsparker Enterprise Scan Bamboo Plugin

Thu, 10 May 2018

This article provides instructions on how to download and configure the Netsparker Enterprise Scan Bamboo Plugin, including how to view scan results in Bamboo.

Securing Netsparker Enterprise by Restricting IP Addresses

Wed, 21 Mar 2018

IP address restrictions enable organizations to restrict from which IP addresses users can access Netsparker Enterprise, enhancing the security of the solution. Users with Administrator permission can enable it, so that anyone trying to log in to Netsparker Enterprise from an IP address not in the trusted IP addresses list will be denied access.

How to Integrate Netsparker Into Your Existing SDLC

Tue, 06 Mar 2018

This article explains how to integrate Netsparker into your existing Software Development Lifecycle. It also provides instructions on how to view Continuous Integration information in Netsparker’s Status window and in the Scan Report, how to configure Username Mappings and how to disable creating and assigning issues to the code committer.

The DAST-first mindset: A CISO’s perspective

Meet the future of AppSec: DAST-first application security

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

Top 10 dynamic application security testing (DAST) tools for 2025

Missing X-Frame-Options header? You should be using CSP anyway

First tokens: The Achilles’ heel of LLMs

Missing HTTP security headers: Avoidable risk, easy fix

DAST vs. penetration testing: Key similarities and differences

What is vulnerability scanning and how do web vulnerability scanners work?

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

How to scan for MongoDB injection vulnerabilities – and how to fix them

How to Configure Pingidentity Single Sign-On Integration with SAML

How to Configure Okta Single Sign-On Integration with SAML

How to Configure Microsoft Active Directory Federation Services Single Sign-On Integration with SAML

How to Configure Azure Active Directory Single Sign-On Integration with SAML

How to Configure SAML-Based Single Sign-On Integration

How to Install and Configure the Netsparker Enterprise Scan Bamboo Plugin

Securing Netsparker Enterprise by Restricting IP Addresses

How to Integrate Netsparker Into Your Existing SDLC

How to Install and Configure the Netsparker Cloud Scan TeamCity Plugin

How to Install and Configure the Netsparker Enterprise Scan Jenkins Plugin

How to Integrate Netsparker with GoCD Automation Server

How to Integrate Netsparker Desktop with Jenkins