The DAST-first mindset: A CISO’s perspective

The level of accuracy and automation of modern DAST platforms allows security leaders to make an outside-in approach the foundation of risk-based application security. Welcome to CISO’s Corner, and le...

Meet the future of AppSec: DAST-first application security

Being DAST-first means starting application security with validated, real-world testing that prioritizes actual exploitable risks. Invicti’s DAST-first platform leads the way towards integrating all A...

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summa...

Top 10 dynamic application security testing (DAST) tools for 2025

This guide explores the top 10 DAST tools for 2025, highlighting enterprise-grade solutions as well as open-source options. Learn how these tools help detect vulnerabilities, integrate with DevSecOps,...

Missing X-Frame-Options header? You should be using CSP anyway

When clickjacking attacks using iframes first became possible, browser vendors reacted by adding <code>X-Frame-Options</code> as a dedicated security header for controlling page embedding permissions....

First tokens: The Achilles’ heel of LLMs

The Assistant Prefill feature available in many LLMs can leave models vulnerable to safety alignment bypasses (aka jailbreaking). This article builds on prior research to investigate the practical asp...

Missing HTTP security headers: Avoidable risk, easy fix

Missing HTTP security headers can leave websites and applications exposed to a variety of attacks. If the browser fails to enforce security measures due to missing security headers, apps can be far mo...

DAST vs. penetration testing: Key similarities and differences

Automated vulnerability scanning with DAST tools and manual penetration testing are two distinct approaches to application security testing. Though the two are closely related and sometimes overlap, t...

What is vulnerability scanning and how do web vulnerability scanners work?

Vulnerability scanning is a fundamental cybersecurity practice for automating security testing. Especially in application security, it’s crucial to have a good vulnerability scanner that can automatic...

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Security vulnerabilities are often misunderstood and underestimated. Based on superficial application security knowledge, you might say that cross-site scripting is people putting script tags in form...

Invicti Security Appoints Kevin Gallagher as President

Wed, 06 Nov 2024

Invicti Security has announced the appointment of Kevin Gallagher, former CEO of CoSoSys, as President.

Black Friday All Year? Secure Websites Generate More Revenue Survey Shows

Wed, 15 Nov 2017

This blog post examines the statistics from our festive season website security survey. Online consumers are aware about security and will spend more if reassured a website is secure.

Netsparker Holiday Survey: 44 Percent of Americans Fear Credit Card Information Will Be Stolen While Shopping Online

Thu, 16 Nov 2017

Press Release | Consumer survey on the security of online purchases and the sources of cybersecurity fears for the new year.

Netsparker Named Vulnerability Management Solution Provider of the Year by CyberSecurity Breakthrough

Mon, 16 Oct 2017

Press Release | Netsparker Recognized with 2017 CyberSecurity Breakthrough Award Designation of ‘Vulnerability Management Solution Provider of the Year’

Netsparker Will Be Exhibiting at Gartner Symposium/ITxpo in Barcelona 2017

Thu, 12 Oct 2017

This November our team will be exhibiting our dead accurate Web Application Security Scanner at Gartner Symposium/ITxpo 2017. Drop by our booth to say hello and make sure not to miss out on our famed merchandise!

Netsparker’s 2016 in Review

Fri, 06 Jan 2017

A high level overview of all the new features that we introduced in our web application security scanner during 2016.

Netsparker Sponsors BSides DC 2017

Thu, 14 Sep 2017

This October our team will be exhibiting the Netsparker Web Application Security Scanner at BSides DC 2017.

Missed Black Hat or DEF CON? We’ve got you covered

Thu, 24 Aug 2017

If you missed Blackhat and Def Con this year do not worry. Our security researcher Sven Morgenroth has just compiled a list of the best talks that took place during this year’s conferences in Las Vegas.

Infographic: Statistics About the Security State of 104 Open Source Web Applications

Thu, 17 Aug 2017

In this infographic, we highlight the most common vulnerabilities that are found in open source web applications. Even though this is just a small sample of the web applications that are used on the live website on the internet, these statistics give us a good overview of the real life situation, and how many websites are vulnerable to malicious hacker attacks.

Netsparker is now enabling open source projects to secure their application with unlimited web security scans with Netsparker Enterprise

Mon, 14 Aug 2017

Press Release | Open source developers can now obtain unlimited web security scans with Netsparker Enterprise web application security scanner.

Netsparker Survey Results | Web Developers on Web Application Security, Governments, Most Vulnerable Industries & More

Thu, 03 Aug 2017

The results of the survey conducted by Netsparker. In this survey we asked developers questions about their test setup, web application security and more.

Netsparker: Government and Financial Services Most Vulnerable Industries, Warn Developers

Thu, 03 Aug 2017

Press Release | Developers think governments & finance industry are the most vulnerable to cyber attacks & IoT devices will be targeted more often

Visit Netsparker at OWASP AppSec USA 2017 in Orlando

Tue, 01 Aug 2017

Netsparker is sponsoring and exhibiting at the OWASP AppSec USA 2017 in Orlando Florida. Come and visit our booth in the exhibitor hall and learn how Netsparker, our web application security scanner can help you ensure the security of your web applications and web services.