The DAST-first mindset: A CISO’s perspective

The level of accuracy and automation of modern DAST platforms allows security leaders to make an outside-in approach the foundation of risk-based application security. Welcome to CISO’s Corner, and le...

Meet the future of AppSec: DAST-first application security

Being DAST-first means starting application security with validated, real-world testing that prioritizes actual exploitable risks. Invicti’s DAST-first platform leads the way towards integrating all A...

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summa...

Top 10 dynamic application security testing (DAST) tools for 2025

This guide explores the top 10 DAST tools for 2025, highlighting enterprise-grade solutions as well as open-source options. Learn how these tools help detect vulnerabilities, integrate with DevSecOps,...

Missing X-Frame-Options header? You should be using CSP anyway

When clickjacking attacks using iframes first became possible, browser vendors reacted by adding <code>X-Frame-Options</code> as a dedicated security header for controlling page embedding permissions....

First tokens: The Achilles’ heel of LLMs

The Assistant Prefill feature available in many LLMs can leave models vulnerable to safety alignment bypasses (aka jailbreaking). This article builds on prior research to investigate the practical asp...

Missing HTTP security headers: Avoidable risk, easy fix

Missing HTTP security headers can leave websites and applications exposed to a variety of attacks. If the browser fails to enforce security measures due to missing security headers, apps can be far mo...

DAST vs. penetration testing: Key similarities and differences

Automated vulnerability scanning with DAST tools and manual penetration testing are two distinct approaches to application security testing. Though the two are closely related and sometimes overlap, t...

What is vulnerability scanning and how do web vulnerability scanners work?

Vulnerability scanning is a fundamental cybersecurity practice for automating security testing. Especially in application security, it’s crucial to have a good vulnerability scanner that can automatic...

Ducks, dinosaurs, and XSS: A little knowledge is a dangerous thing in security

Security vulnerabilities are often misunderstood and underestimated. Based on superficial application security knowledge, you might say that cross-site scripting is people putting script tags in form...

January 2023 update for Invicti Enterprise on-premises

Tue, 17 Jan 2023

This blog post announces the January 2023 update for Invicti Enterprise on-premises, highlighting cumulative enhancements to key integrations and several usability improvements.

The New Netsparker Web Security Scanners: Automated Configuration of URL Rewrite Rules, Scan Policy Optimizer and Proof of Exploitation

Mon, 02 Nov 2015

We are happy to announce a new version of Netsparker Desktop and a new Netsparker Enterprise update. These updates include several new features and product updates and mostly focus on automating more of the pre-scan tasks, allowing you to easily get started with scanning hundreds and thousands of websites.

Netsparker 4.1 Release – New Security Checks and Improvements

Tue, 12 May 2015

In this new version of Netsparker Desktop there are two new security checks for web forms and base tag hijacking, and we also have a good number of improvements and bug fixes. Read this blog post for more information of what is new and improved in the only false positive free web application security scanner.

Netsparker 4 – Easier to Use, More Automation and Much More Web Security Checks

Tue, 17 Mar 2015

We are happy to announce the new Netsparker Desktop 4. The new version can automatically scan applications built with Google Web Toolkit, has an all new fully automated form authentication mechanism and is fully loaded with new web security and vulnerability checks.

Netsparker’s All New Online Web Application Security Scanner Netsparker Enterprise is Here

Wed, 11 Mar 2015

Read about the new features Netsparker Enterprise, the new online web application security scanner by Netsparker has and learn how your organization can leverage them to automatically identify vulnerabilities and security flaws in websites and web applications and ensure they are secure while saving on costs.

POODLE SSL Vulnerability – The End of Life for SSL 3.0

Wed, 15 Oct 2014

The newly discovered POODLE SSL vulnerability enables attackers to capture and read traffic encrypted using the SSL 3.0 protocol, which even though is fifteen years old the protocol is still widely supported for backward compatibility. Scan your web servers with Netsparker to check if they are vulnerable to the POODLE SSL vulnerability.

More Efficient and Precise Web Security Scans with New Netsparker 3.5.5

Wed, 13 Aug 2014

The new Netsparker version 3.5.5 has an improved URL rewrite rules wizards which allow users to fine tune the scanning of websites using URL rewrite rules for more efficient and precise web security scans.

Netsparker Web Application Security Scanner 3.5 Features Highlight

Tue, 15 Jul 2014

Finally Netsparker Web Application Security Scanner version 3.5 is available for download. Check out what is new in this new version of Netsparker and update your Netsparker today to benefit from the latest features and ensure you scan your web applications with the latest web vulnerability security tests.

Are Your Web Applications Vulnerable to Heartbleed SSL Vulnerability?

Fri, 11 Apr 2014

The Heartbleed vulnerability allows malicious hackers to access sensitive information such as users credentials and the web server private key from a web server’s memory. Scan your websites and web applications with Netsparker Web Application Security Scanner to check if they are vulnerable to the Heartbleed SSL vulnerability.

Netsparker 3.2 Released – New Features Overview

Wed, 22 Jan 2014

Netsparker Web Application Security Scanner Version 3.2 allows Netsparker users to scan and identify vulnerabilities and security issues automatically in SOAP web services. This version of the false positive free web vulnerability scanner also includes new request and response viewers, a number of improvements that make web vulnerability scans more efficient and a number of bug fixes.

Generate PCI DSS 3 Compliance Reports with the Latest Netsparker Update

Tue, 10 Dec 2013

This update of Netsparker includes an updated PCI DSS compliance report template that enables users to generate reports for PCI DSS version 3.0. The vulnerability classifications have also been updated to reflect the changes introduced in the new version of PCI DSS requirements. Read this post for more information about Netsparker 3.1.7.0

New Improved Netsparker 3.1.4 is Available for Download

Fri, 29 Nov 2013

A new version of Netsparker Web Application Security Scanner is available for download. This version 3.1.4 of Netsparker includes several improvements to the user interface to ease the process of configuring the scanner, and also includes several bug fixes. For more details about this new build of Netsparker read this blog post.

New Netsparker 3.1 is Available for Download

Wed, 20 Nov 2013

An overview of Netsparker Web Application Security Scanner Version 3.1 – Full HTML 5 web application support, new security checks for Web 2.0 web applications, automatic CSRF vulnerability detection, detailed analysis of target web applications and much more.