Netsparker is now Invicti
Web Security Blog

Sven Morgenroth Talks About PHP Object Injection Vulnerabilities on Paul’s Security Weekly Podcast

Thu, 20 Dec 2018

End of Support for PHP 5 and PHP 7.0

Tue, 18 Dec 2018

PHP Wrappers, Streams & Local File Intrusion (LFI)

Wed, 14 Nov 2018

Sven Morgenroth Talks About PHP Type Juggling on Paul’s Security Weekly Podcast

Tue, 18 Sep 2018

PHP Type Juggling Exploit: Vulnerability, Payloads, and Fixes

Wed, 22 Aug 2018

PHP Unserialize: Never Pass Untrusted Data Online

Thu, 29 Mar 2018

Unserialize is a PHP function that, while often classified as a security risk, is seldom defined. This article explains the vulnerability and contains a PHP Classes Crash Course that includes properties and ‘magic methods’. It uses examples to illustrate the basic concepts of Deserialization, PHP Object Injection and Class Autoloading in PHP.

Netsparker’s Weekly Security Roundup 2018 – Week 05

Fri, 09 Feb 2018

In this week’s edition of our security roundup: why you should be careful what you put into your composer.json file, why you need to use a Package Manager, the Principle of Least Privilege, and DNS Rebinding.

Missing Function Level Access Control Vulnerabilities in Maian Support Helpdesk Allow Complete Take Over of the System

Wed, 22 Feb 2017

This article looks into the details of how malicious hackers can exploit a number of missing function level access control vulnerabilities to take over an installation of Maian Support Helpdesk, a web application developed in PHP.


Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US

© Invicti 2025
