Web Security Blog

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Tue, 24 Jun 2025

It’s an interesting time to be leading security for a software-driven organization. The speed at which we deliver code has never been faster, and the expectations around security have also never been higher. As a result, the metrics we’ve historically used to measure application security are increasingly inadequate, even misleading.

Read more

What is the Low Orbit Ion Cannon (LOIC)?

Wed, 24 Jul 2019

What are man-in-the-middle attacks (MITM) and how to avoid them

Thu, 11 Jul 2019

XSS Auditors – Abuses, Updates and Protection

Tue, 09 Jul 2019

The Problem of String Concatenation and Format String Vulnerabilities

Thu, 27 Jun 2019

Announcing the Enterprise Web Security Best Practices Whitepaper

Fri, 14 Jun 2019

Ferruh Mavituna Talks About Discovering Websites on Business Security Weekly #129

Tue, 11 Jun 2019

IP Disclosure of Servers Behind WAFs Using WordPress XML-RPC

Mon, 03 Jun 2019

Frame Injection Attacks

Thu, 30 May 2019

Sven Morgenroth, Netsparker – Application Security Weekly #60

Wed, 29 May 2019

New Generation Robots.txt: Apple App-Site-Association

Wed, 22 May 2019

Content-Type and Status Code Leakage

Tue, 14 May 2019