New OAuth2 Authentication Feature
From March 2019, Netsparker Standard will support the OAuth2 authentication framework. This new feature means that users will now be able to configure scans for websites that require OAuth2 authentication. This is one of the March 2019 updates for the new release of Netsparker Standard 5.3.
Type Juggling Authentication Bypass Vulnerability in CMS Made Simple
Our researcher, Sven Morgenroth, explains how he found an authentication bypass in CMS Made Simple, what PHP type juggling is, and why you should never use the unserialize function together with user-supplied input.
Passwords vs. Pass Phrases – Innovation and Evolution
This third and last password paper looks into new innovations and the evolution of passwords and authentication mechanisms. It looks into what other options are available should we opt for something more secure than passwords and pass phrases.
Netsparker Cannot Login to My Website
This Netsparker Desktop FAQ looks into the alternative methods that you can use to scan a password-protected website should Netsparker fail to authenticate automatically.
Passwords vs. Pass Phrases – Weaknesses Beyond the Password
Using strong passwords is not enough; the whole system should be built well to ensure that the underlying technology can survive a data breach when, not if, it happens. In fact, a modernized approach to password ideology is only one of the several necessary steps for a highly secured system.
Passwords vs. Pass Phrases – An Ideological Divide
The concept of passwords is very old, and the more efficient offline password crackers become, the more difficult it is for users to come up with complex passwords. This whitepaper looks into how effective complex passwords are and highlights other alternatives to complex passwords.
Why You Should Run Authenticated Web Security Scans
Do you scan all sections of your web applications, including the authenticated sections? In this blog post you will find a number of reasons why you and every other web security expert and penetration tester should run authenticated web application security scans.