The DAST-first mindset: A CISO’s perspective

The level of accuracy and automation of modern DAST platforms allows security leaders to make an outside-in approach the foundation of risk-based application security. Welcome to CISO’s Corner, and le...

Meet the future of AppSec: DAST-first application security

Being DAST-first means starting application security with validated, real-world testing that prioritizes actual exploitable risks. Invicti’s DAST-first platform leads the way towards integrating all A...

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summa...

Top 10 dynamic application security testing (DAST) tools for 2025

This guide explores the top 10 DAST tools for 2025, highlighting enterprise-grade solutions as well as open-source options. Learn how these tools help detect vulnerabilities, integrate with DevSecOps,...

Missing X-Frame-Options header? You should be using CSP anyway

When clickjacking attacks using iframes first became possible, browser vendors reacted by adding <code>X-Frame-Options</code> as a dedicated security header for controlling page embedding permissions....

First tokens: The Achilles’ heel of LLMs

The Assistant Prefill feature available in many LLMs can leave models vulnerable to safety alignment bypasses (aka jailbreaking). This article builds on prior research to investigate the practical asp...

Missing HTTP security headers: Avoidable risk, easy fix

Missing HTTP security headers can leave websites and applications exposed to a variety of attacks. If the browser fails to enforce security measures due to missing security headers, apps can be far mo...

DAST vs. penetration testing: Key similarities and differences

Automated vulnerability scanning with DAST tools and manual penetration testing are two distinct approaches to application security testing. Though the two are closely related and sometimes overlap, t...

What is vulnerability scanning and how do web vulnerability scanners work?

Vulnerability scanning is a fundamental cybersecurity practice for automating security testing. Especially in application security, it’s crucial to have a good vulnerability scanner that can automatic...

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Security vulnerabilities are often misunderstood and underestimated. Based on superficial application security knowledge, you might say that cross-site scripting is people putting script tags in form...

How to scan for MongoDB injection vulnerabilities – and how to fix them

Thu, 15 Dec 2022

NoSQL injection attacks against MongoDB databases are a major threat to full-stack JavaScript applications. Invicti security engineer Özgür Dinç shows how to find MongoDB injection vulnerabilities with Invicti’s vulnerability scanner – and how to fix them.

Triggering Netsparker Desktop Scans Remotely With Windows Management Instrumentation

Thu, 19 Oct 2017

This article explains how to remotely trigger Netsparker Desktop web application security scanner on a Local Area Network (LAN). This enables you to connect to the remote machine via WMI in order to run Netsparker on it.

Web Application Vulnerabilities Severities Explained

Tue, 24 Oct 2017

In this FAQ you can find a detailed explanation of the different severity levels that Netsparker web application security scanner uses to classify the reported vulnerabilities.

Configuring Basic, NTLM & Digest Authentication in Netsparker

Mon, 28 Aug 2017

This article explains how to configure Basic, Digest, NTLM/Kerberos authentication in Netsparker Desktop web application security scanner to scan a password protected website.

How to Integrate Netsparker Enterprise with an Issue Tracking System

Thu, 01 Jun 2017

This article explains in detail how you can integrate Netsparker Enterprise with an Issue Tracking System, so that identified web application vulnerabilities are automatically created as issues.

Creating a new Send To action in Netsparker Desktop

Tue, 23 May 2017

Send To actions in Netsparker Desktop allow you to configure “rules” for Netsparker Desktop to send an email when a specific vulnerability or vulnerabilities are discovered.

How to Configure & Verify Form Authentication in Netsparker Enterprise

Tue, 23 May 2017

This article explains how you can configure and verify the forms authentication before launching a web vulnerability scan with Netsparker Enterprise. It also explains how you can change the logout detection pattern.

How Netsparker Hawk Finds SSRF and Out-of-Band Vulnerabilities

Tue, 23 May 2017

This article explains in detail how the Netsparker web application security scanner uses the Netsparker Hawk vulnerability testing infrastructure to identify Server Side Request Forgery, blind, async and second order web application vulnerabilities.

Using Netsparker Enterprise Notifications to Be Instantly Alerted via Email and SMS

Tue, 23 May 2017

In Netsparker Enterprise, you can configure notification rules so you are instantly alerted via email or SMS about the status and results of the scans. You can also be alerted when specific vulnerabilities are identified on your websites.

Scanning The Websites That Are Linked To From the Target

Tue, 23 May 2017

This article explains how you can configure Netsparker web application security scanner to also scan other websites which are linked to from the target that is being scanned.

The Netsparker Enterprise Users Permissions Explained

Wed, 19 Jul 2017

This article explains in detail the Netsparker Enterprise users permissions and how you can configure them to allow all the members of your team to collaborate and ensure the long term security of all web applications.

Netsparker Enterprise Web Vulnerability Tracking System

Tue, 23 May 2017

This document explains how to use the built-in Netsparker Enterprise vulnerability tracking system to ensure that all vulnerabilities and potential security flaws are addressed prior to launching a web application live.

How to Export the Netsparker Web Vulnerability Scan Results as Web Application Firewall Rules

Tue, 23 May 2017

This article explains how you can export the vulnerabilities the Netsparker web application security scanners found during a scan as web application firewall rules.