Web Security Blog

Sensitive data exposure in public web assets: A hidden threat

How often do websites publicly expose sensitive data? Invicti security researcher Kadir Arslan decided to write a custom security check and see what he could find across the world’s 10,000 most popular sites – and what he found were hundreds of exposed secrets.

Read more

Investigating CQL injection in Apache Cassandra

How to choose the right application security tools

One year since Log4Shell, two since SolarWinds: What’s coming in 2023?

Which open-source vulnerability scanner is right for you?

Sleeping on your application security? The bots are always wide awake

DAST tools as force multipliers for human cybersecurity skills

Invicti’s automated DAST turns heads at it-sa Expo&Congress 2022

Path traversal in Java web applications – announcing the Invicti technical paper

OpenSSL 3.0.0–3.0.6 vulnerabilities: Less Heartbleed, more paper cut