The DAST-first mindset: A CISO’s perspective

The level of accuracy and automation of modern DAST platforms allows security leaders to make an outside-in approach the foundation of risk-based application security. Welcome to CISO’s Corner, and le...

Meet the future of AppSec: DAST-first application security

Being DAST-first means starting application security with validated, real-world testing that prioritizes actual exploitable risks. Invicti’s DAST-first platform leads the way towards integrating all A...

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summa...

Top 10 dynamic application security testing (DAST) tools for 2025

This guide explores the top 10 DAST tools for 2025, highlighting enterprise-grade solutions as well as open-source options. Learn how these tools help detect vulnerabilities, integrate with DevSecOps,...

Missing X-Frame-Options header? You should be using CSP anyway

When clickjacking attacks using iframes first became possible, browser vendors reacted by adding <code>X-Frame-Options</code> as a dedicated security header for controlling page embedding permissions....

First tokens: The Achilles’ heel of LLMs

The Assistant Prefill feature available in many LLMs can leave models vulnerable to safety alignment bypasses (aka jailbreaking). This article builds on prior research to investigate the practical asp...

Missing HTTP security headers: Avoidable risk, easy fix

Missing HTTP security headers can leave websites and applications exposed to a variety of attacks. If the browser fails to enforce security measures due to missing security headers, apps can be far mo...

DAST vs. penetration testing: Key similarities and differences

Automated vulnerability scanning with DAST tools and manual penetration testing are two distinct approaches to application security testing. Though the two are closely related and sometimes overlap, t...

What is vulnerability scanning and how do web vulnerability scanners work?

Vulnerability scanning is a fundamental cybersecurity practice for automating security testing. Especially in application security, it’s crucial to have a good vulnerability scanner that can automatic...

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Security vulnerabilities are often misunderstood and underestimated. Based on superficial application security knowledge, you might say that cross-site scripting is people putting script tags in form...

January 2023 update for Invicti Enterprise on-premises

Tue, 17 Jan 2023

This blog post announces the January 2023 update for Invicti Enterprise on-premises, highlighting cumulative enhancements to key integrations and several usability improvements.

October 2016 Netsparker EnterpriseUpdate

Tue, 18 Oct 2016

In this October 2016 update of our online web application security scanner Netsparker Enterprise we included some new features, new security checks and several product improvements.

October 2016 Netsparker Desktop Update

Mon, 03 Oct 2016

This post gives an overview of what is new and improved in the September 2016 update of Netsparker Desktop, the dead accurate web application security scanner.

September 2016 Netsparker Enterprise Update – Improved Users Permissions & New Vulnerability Tracking System

Thu, 22 Sep 2016

This release note gives an overview of what is new and improved in this September 2016 update of Netsparker Enterprise online web application security scanner.

Netsparker Desktop July 2016 Update – Introducing the HTTP Request Builder

Thu, 07 Jul 2016

In this July 2016 update of Netsparker Desktop, the only web vulnerability scanner with Proof-Based Scanning#TM# technology, we introduce a new penetration testing tool called the HTTP Request Builder.

July 2016 Netsparker Enterprise Update – REST Support, SRI Security Checks and a New Reporting Tool

Tue, 05 Jul 2016

In this July 2016 update of Netsparker Enterprise we announce full support for REST APIs, therefore you can now automatically scan and find vulnerabilities in RESTful web services. We also introduced a new Reporting tool and implemented new security checks for Subresource Integrity (SRI), SameSite cookies attribute and more.