Web Security Blog

The risks of doing vulnerability testing and management for compliance only

Wed, 28 May 2025

In this instalment of CISO’s Corner, we deal with the pitfalls of mistaking compliance for security and see how adopting a risk-based mindset helps you stay secure in the real world while still checking all the right boxes.

Read more

CWE Top 25 for 2023: Buffer overflows, XSS, SQL injection lead the pack

Fri, 07 Jul 2023

MOVEit Transfer breaches are a perfect storm of application security risks

Fri, 30 Jun 2023

Invicti Insights: Women in engineering changing the game

Fri, 23 Jun 2023

What’s missing from the OWASP API Security Top 10 2023

Thu, 22 Jun 2023

Why penetration testing tools don’t work as enterprise scanners

Fri, 16 Jun 2023

SQL injection vulnerability in MOVEit Transfer leads to data breaches worldwide

Thu, 08 Jun 2023

New guidelines from NIST stress the need for accurate vulnerability assessment and disclosure

Tue, 06 Jun 2023

How APIs creep up on you – and how to stay secure regardless

Fri, 02 Jun 2023

SSDLC vs SDLC vs SDL: Security Development Lifecycle Explained

Tue, 30 May 2023

5 reasons why proof-based scanning is a game-changer

Fri, 26 May 2023

Top 4 resources for building a security champions program

Tue, 23 May 2023

5 reasons why continuous vulnerability testing and management beats ad-hoc scanning

Fri, 19 May 2023