Top 5 injection attacks in application security

Injection attacks work by including a payload in unvalidated user input and getting a vulnerable web application to execute it. This post lists the most common injection attacks against web applications and APIs, discusses the vulnerabilities that make them possible, and shows ways to detect and prevent such security issues.

CRLF injection, HTTP response splitting, and HTTP header injection vulnerabilities

What is a local file inclusion vulnerability?

What is the command injection vulnerability?

Yandex Browser Vulnerability Allows Attackers to Steal Victim’s Browsing Data

This post explains how a malicious hacker can exploit a CSRF vulnerability in the Yandex browser that would allow them to get hold of the victim’s confidential browsing data, including bookmarks, browsing history and also saved usernames and passwords.

Web Application Security and the SDLC Discussed on the Virtualization and Cloud Security Podcast

Ferruh Mavituna, Netsparker’s CEO talks about web application security automation and scalability with Edward Haletky in episode 17 of the Virtualizastion and Cloud Security Podcast.

Subresource Integrity (SRI) for Validating Web Resources Hosted on Third Party Services (CDNs)

This article explains what is Subresource Integrity (SRI), how it works and how it helps web application developers ensure a more secure web environment especially when hosting resources on third party servers and services such as Content Delivery Networks (CDNs).

Web Application Security Basics – Keeping All Your Software Up To Date

What can we learn from the Mossack Fonseca hack and the Panama Papers leak? This article highlights the repercussions of ignoring one of the most basic concepts of IT and web application security; not updating your software.

Security Weekly Talks About Web Application Security & Automation with Netsparker CEO

In this episode of Security Weekly, Netsparker CEO Ferruh Mavituna talks about automating and scaling up the process of web application security scanning.

VIDEO: What is Netsparker? An Interview with Ferruh Mavituna

In this video interview, Netsparker CEO and founder Ferruh Mavituna explains what is Netsparker and also talks about the technology that makes the Netsparker web vulnerability scanning technology dead-accurate.

SQL injection cheat sheet

The Importance of Finding All Vulnerabilities on Your Web Applications

Although compliance is mandatory, a secure web application is more important. This article explains why website owners should focus on finding and fixing all possible vulnerabilities on their web applications, even if it means doing much more than PCI DSS compliance require.