Never mind the buzzwords: Here’s the straight deal on application security

The shifting tides of security hype and buzzwords move with the seasons, yet the fundamental challenges remain the same. We sat down with seasoned CTOs Ken Schirrmacher of Park ‘N Fly and Frank Catucci of Invicti Security to discuss best practices for web application and API security, roughing up more than one security buzzword along the way.

Demo: Exploiting a Blind XSS & Second Order SQL Injection

How you can disable directory listing on your web server – and why you should

Preventing Cross-site Scripting Vulnerabilities When Developing Ruby on Rails Web Applications

This article uses examples to explain how to develop secure web applications in Ruby on Rails that are not vulnerable to cross-site scripting vulnerabilities.

Course: Introduction to Web Application Penetration Testing

This detailed course explains the different stages of a thorough web application security and penetration test. Using both videos and slides, this course is ideal for anyone who would like to get started with web application security and using an automated web vulnerability scanner.

What is an open redirection vulnerability and how to prevent it

How I Hacked my Smart TV from My Bed via a Command Injection

This article explains how I was able to exploit a command injection vulnerability in my Smart TV and use Netcat to gain remote shell access on the TV set.

Ferruh Talks About Netsparker Hawk on Paul’s Security Weekly #506

In episode #506 of Paul’s Security Weekly, our founder and CEO Ferruh Mavituna explains how Netsparker Hawk detects out-of-band vulnerabilities in web applications.

Information disclosure vulnerabilities and attacks in web applications

What is remote file inclusion?

What is SQL Injection?

What is SQL injection? The SQL injection vulnerability allows malicious hackers to inject arbitrary code in SQL queries, thus being able to directly retrieve and alter data stored in a website’s database.

Missing Function Level Access Control Vulnerabilities in Maian Support Helpdesk Allow Complete Take Over of the System

This article looks into the details of how malicious hackers can exploit a number of missing function level access control vulnerabilities to take over an installation of Maian Support Helpdesk, a web application developed in php.

Steam Gaming & Entertainment Platform Vulnerable to Cross-site Scripting Vulnerability

This article looks into the technical details of the cross-site scripting vulnerability (XSS) that the Steam entertainment platform was vulnerable to. It also explains how the attackers could exploit this vulnerability.