Web Security Blog

ASPM vendors: Things to look for in an ASPM solution

Tue, 01 Jul 2025

Not all ASPM vendors are alike—some merely aggregate data from external tools, while others build posture management into robust testing platforms. This article explores what meaningful ASPM should look like and why a DAST-first foundation is key to cutting through noise and improving real security outcomes.

Read more

An abundance of caution: Why the curl buffer overflow is not the next Log4Shell

Tue, 24 Oct 2023

Rapid Reset HTTP/2 vulnerability: When streaming leads to flooding

Mon, 16 Oct 2023

Top 5 application security misconfigurations

Thu, 12 Oct 2023

Hacking the hackers: Borrowing good habits from bad actors

Mon, 02 Oct 2023

NIST Cybersecurity Framework gets user-friendly: Upcoming changes in CSF v2.0

Fri, 22 Sep 2023

Surviving the API apocalypse: How to defeat zombie APIs

Thu, 14 Sep 2023

PCI DSS v4.0 makes integrated application security a compliance requirement

Fri, 08 Sep 2023

DAST tools are only as good as their setup and support

Thu, 31 Aug 2023

Invicti Insights: Experiences and lessons learned from Black Hat USA 2023

Fri, 18 Aug 2023

Building accurate DAST into the CI/CD pipeline saves you time – and money

Fri, 11 Aug 2023

Cyber workforce shortages still loom large – but the cavalry is coming

Fri, 04 Aug 2023

SAST vs. DAST vs. IAST: Everything you always wanted to know but were afraid to AST

Wed, 26 Jul 2023