The DAST-first mindset: A CISO’s perspective

The level of accuracy and automation of modern DAST platforms allows security leaders to make an outside-in approach the foundation of risk-based application security. Welcome to CISO’s Corner, and le...

Meet the future of AppSec: DAST-first application security

Being DAST-first means starting application security with validated, real-world testing that prioritizes actual exploitable risks. Invicti’s DAST-first platform leads the way towards integrating all A...

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summa...

Top 10 dynamic application security testing (DAST) tools for 2025

This guide explores the top 10 DAST tools for 2025, highlighting enterprise-grade solutions as well as open-source options. Learn how these tools help detect vulnerabilities, integrate with DevSecOps,...

Missing X-Frame-Options header? You should be using CSP anyway

When clickjacking attacks using iframes first became possible, browser vendors reacted by adding <code>X-Frame-Options</code> as a dedicated security header for controlling page embedding permissions....

First tokens: The Achilles’ heel of LLMs

The Assistant Prefill feature available in many LLMs can leave models vulnerable to safety alignment bypasses (aka jailbreaking). This article builds on prior research to investigate the practical asp...

Missing HTTP security headers: Avoidable risk, easy fix

Missing HTTP security headers can leave websites and applications exposed to a variety of attacks. If the browser fails to enforce security measures due to missing security headers, apps can be far mo...

DAST vs. penetration testing: Key similarities and differences

Automated vulnerability scanning with DAST tools and manual penetration testing are two distinct approaches to application security testing. Though the two are closely related and sometimes overlap, t...

What is vulnerability scanning and how do web vulnerability scanners work?

Vulnerability scanning is a fundamental cybersecurity practice for automating security testing. Especially in application security, it’s crucial to have a good vulnerability scanner that can automatic...

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Security vulnerabilities are often misunderstood and underestimated. Based on superficial application security knowledge, you might say that cross-site scripting is people putting script tags in form...

Invicti Security Appoints Kevin Gallagher as President

Wed, 06 Nov 2024

Invicti Security has announced the appointment of Kevin Gallagher, former CEO of CoSoSys, as President.

Netsparker Announces New FogBugz Issue Synchronization Feature

Wed, 23 Jan 2019

Netsparker announces a new feature for Netsparker Enterprise that provides integration for resolving and reactivating FogBugz issues according to scan result, in addition to automatic issue creation. Netsparker Enterprise achieves this by webhook support, which detects status changes in your FogBugz issues.

New Vulnerability Families Feature

Tue, 22 Jan 2019

From December 2018, Netsparker will report similar vulnerabilities in groups rather than individually. This means that vulnerability reports will be shorter, simpler and more accurate. It also means that the task of fixing vulnerabilities will take less time and effort.

Netsparker Sponsors OWASP AppSec California 2019

Wed, 02 Jan 2019

Netsparker Announces New Application & Websites Discovery Service

Tue, 11 Dec 2018

Netsparker announces a new feature for Netsparker Enterprise that acts as an application and service discovery tool. Netsparker Radar – Application & Service Discovery Service enables you to locate your enterprise’s online collateral, websites and services, which you can then add to Netsparker to scan, helping you reduce threats and increase security.

Netsparker and GitLab Integration

Tue, 11 Dec 2018

Netsparker to Exhibit at Black Hat Europe 2018 in London‎

Fri, 26 Oct 2018

Netsparker Sponsors BSides DC 2018

Wed, 26 Sep 2018

Netsparker to Exhibit at OWASP AppSec USA 2018 in San Jose

Tue, 11 Sep 2018

Netsparker to Exhibit at Black Hat USA 2018 in Las Vegas

Tue, 17 Jul 2018

Visit Netsparker at booth #1171 during Black Hat USA 2018 in Las Vegas to learn more about our dead accurate web application security scanner.

Ferruh Mavituna Interviewed About Web App Security by Byron Acohido

Thu, 28 Jun 2018

Ferruh Mavituna is interviewed about the growing success of Netsparker, and how Netsparker has anticipated and adapted to some of the largest trends in the digital transformation. Netsparker’s focus on web apps, cloud based environments, and scanning to scale, all contribute to its success, as well as its core focus on automation and accuracy.

Ferruh Mavituna Is Interviewed About Netsparker at RSA Conference 2018

Thu, 14 Jun 2018

Ferruh Mavituna chatted with John Dasher at the RSA Conference 2018 about Netsparker’s powerful ability as a tool to find web application security vulnerabilities accurately, quickly, early, and automatically, in a way that brings scalability, visibility and connectivity to the entire security scanning process, from planning to product deployment.

Netsparker To Exhibit at OWASP AppSec EU 2018 in London

Tue, 29 May 2018

Visit Netsparker at the Diamond sponsor booth during OWASP AppSec EU 2018 in London to learn more about our dead accurate web application security scanner.