Web Security Blog

ASPM vendors: Things to look for in an ASPM solution

Tue, 01 Jul 2025

Not all ASPM vendors are alike—some merely aggregate data from external tools, while others build posture management into robust testing platforms. This article explores what meaningful ASPM should look like and why a DAST-first foundation is key to cutting through noise and improving real security outcomes.

Read more

How to tackle false positives in web application security

Fri, 08 Apr 2022

Invicti’s Spring 2022 AppSec Indicator highlights unrelenting direct-impact flaws

Tue, 05 Apr 2022

Spring4Shell: What you need to know

Wed, 20 Apr 2022

Never trust, always check: Catching partial fixes and buggy patches

Fri, 25 Mar 2022

Input Validation Errors: Vulnerability, Examples, Fixes, Missing Input, and more

Mon, 21 Mar 2022

How to ensure REST API security

Fri, 11 Mar 2022

DAST, IAST, SCA security testing: Deeper coverage in a single scan

Mon, 28 Feb 2022

The cutting-edge conundrum: Why federal agencies can’t compromise on security

Tue, 22 Feb 2022

AppSec best practices for security that sticks

Fri, 11 Feb 2022

How to avoid API blind spots in web application security testing

Fri, 04 Feb 2022

Common authentication and authorization vulnerabilities (and how to avoid them)

Wed, 02 Feb 2022

Zero trust countdown: New OMB memo stresses urgency for modern AppSec

Fri, 28 Jan 2022