The DAST-first mindset: A CISO’s perspective

The level of accuracy and automation of modern DAST platforms allows security leaders to make an outside-in approach the foundation of risk-based application security. Welcome to CISO’s Corner, and le...

Meet the future of AppSec: DAST-first application security

Being DAST-first means starting application security with validated, real-world testing that prioritizes actual exploitable risks. Invicti’s DAST-first platform leads the way towards integrating all A...

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summa...

Top 10 dynamic application security testing (DAST) tools for 2025

This guide explores the top 10 DAST tools for 2025, highlighting enterprise-grade solutions as well as open-source options. Learn how these tools help detect vulnerabilities, integrate with DevSecOps,...

Missing X-Frame-Options header? You should be using CSP anyway

When clickjacking attacks using iframes first became possible, browser vendors reacted by adding <code>X-Frame-Options</code> as a dedicated security header for controlling page embedding permissions....

First tokens: The Achilles’ heel of LLMs

The Assistant Prefill feature available in many LLMs can leave models vulnerable to safety alignment bypasses (aka jailbreaking). This article builds on prior research to investigate the practical asp...

Missing HTTP security headers: Avoidable risk, easy fix

Missing HTTP security headers can leave websites and applications exposed to a variety of attacks. If the browser fails to enforce security measures due to missing security headers, apps can be far mo...

DAST vs. penetration testing: Key similarities and differences

Automated vulnerability scanning with DAST tools and manual penetration testing are two distinct approaches to application security testing. Though the two are closely related and sometimes overlap, t...

What is vulnerability scanning and how do web vulnerability scanners work?

Vulnerability scanning is a fundamental cybersecurity practice for automating security testing. Especially in application security, it’s crucial to have a good vulnerability scanner that can automatic...

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Security vulnerabilities are often misunderstood and underestimated. Based on superficial application security knowledge, you might say that cross-site scripting is people putting script tags in form...

Invicti Security Appoints Kevin Gallagher as President

Wed, 06 Nov 2024

Invicti Security has announced the appointment of Kevin Gallagher, former CEO of CoSoSys, as President.

Netsparker is now an accredited supplier on the UK Government’s Digital Marketplace

Tue, 01 Aug 2017

This article explains the value of Netsparker Enterprise having being been accepted and enlisted on the UK digital marketplace, the high-level requirements Netsparker had to adhere to and why this proves that Netsparker is a trusted and effective Web Application Security Scanner.

New Netsparker Survey Finds Vulnerable Web Applications Make Web Developers an Easy Target, Even When Working Behind a Firewall

Thu, 20 Jul 2017

Press Release | Developer Failure to keep test environments opens doors to attackers and allow them to bypass network firewalls.

Netsparker Sponsors BSides Manchester 2017

Tue, 11 Jul 2017

This August our team will be exhibiting the Netsparker Web Application Security Scanner at BSides Manchester 2017, one of the two BSides events in the UK.

Netsparker Exhibiting at RSA Conference 2017 in Singapore

Wed, 31 May 2017

This July our team will be exhibiting the Netsparker Web Application Security Scanner at RSA Conference 2017 in Singapore, the leading information security conference in the Asia Pacific & Japan region.

Exhibiting & Speaking at Infosecurity Europe 2017

Fri, 12 May 2017

This June our team will be exhibiting the Netsparker Web Application Security Scanner at Infosecurity Europe in London, one of the biggest European security conferences.

Win A Full Conference Ticket to OWASP AppSec Europe

Tue, 11 Apr 2017

Win a ticket to the OWASP AppSec Europe Conference by retweeting our tweet and following us on Twitter.

Netsparker Will Be Exhibiting at the Software Design & Development Conference 2017

Fri, 31 Mar 2017

Netsparker is sponsoring and will be exhibiting at the Software Design and Development Conference (SDD) 2017, which will be held between the 15th and 19th of May in London.

Ferruh Mavituna Discusses Web Application Security Automation on Risky Business Podcast

Wed, 15 Mar 2017

Netsparker CEO and founder Ferruh Mavituna discusses what can be automated and what cannot in web application security testing during an interview on the Risky Business podcast episode #447.

Netsparker Sponsors PHPKonf 2017 in Istanbul

Fri, 10 Mar 2017

Netsparker is sponsoring the PHPKonf for the third year in a row. Netsparker has also partnered & is helping with the organization of this PHP focused conference which will be held in Istanbul, Turkey on the 20th of May.

Visit Netsparker at the OWASP AppSec Europe Conference 2017 in Belfast

Wed, 01 Mar 2017

Netsparker is exhibiting and sponsoring the OWASP AppSec Europe Conference 2017 in Belfast, Ireland. Come and visit our booth in the exhibitor hall and learn how Netsparker web application security scanner can help you ensure the security of your web applications and web services.

Netsparker’s 2016 in Review

Thu, 12 Jan 2017

A highlight of what we have done in 2016 and what features and scanning capabilities we introduced in our web application security scanners.

Netsparker Will Be Exhibiting at RSA Conference in San Francisco

Tue, 03 Jan 2017

Visit Netsparker at booth N4322 during the RSA Conference in San Francisco to learn more about our dead accurate web application security scanner.