Netsparker is now Invicti
Web Security Blog

The risks of doing vulnerability testing and management for compliance only

Wed, 28 May 2025

In this instalment of CISO’s Corner, we deal with the pitfalls of mistaking compliance for security and see how adopting a risk-based mindset helps you stay secure in the real world while still checking all the right boxes.

How We Found & Exploited a Layer 7 DoS Attack on FogBugz

Wed, 07 Feb 2018

This article examines how the specific application behaviour we reported finding in FogBugz early in July 2017 was manipulated to overload systems, leading to a DoS situation. Testing for this vulnerability involved checking HTTP status codes, response size and timing.

Netsparker’s Weekly Security Roundup 2018 – Week 04

Fri, 02 Feb 2018

In this week’s edition of our security roundup: Thanks to Chrome’s new Site Isolation feature, the X-Content-Type-Options header is more important than ever.

Application Level Denial of Service – A Comprehensive Guide

Fri, 19 Jan 2018

Application-level Denial of Service attacks are designed to render systems unresponsive, denying service to users. They are notoriously difficult to detect and prevent, and they are underestimated. This comprehensive guide explains how to identify and remove the conditions necessary for DoS attacks.

Netsparker’s Weekly Security Roundup 2018 – Week 02

Wed, 17 Jan 2018

In this week’s edition of our security roundup: directory listings can lead to account takeover, accessibility and security of US government websites and certification authority with AlwaysOnSSL.

Netsparker’s Weekly Security Roundup 2018 – Week 01

Thu, 11 Jan 2018

In this week’s edition of our security roundup: the impact of Meltdown and Spectre on the web, HTTP verb tampering, and a phpMyAdmin cross-site request forgery.

Second-Order Remote File Inclusion (RFI) Vulnerability Introduction & Example

Thu, 11 Jan 2018

This article provides an introduction to the Second-Order Remote File Inclusion (RFI) vulnerability, with an example, and explains how Netsparker can detect it.

Netsparker’s Weekly Security Roundup 2017 – Week 52

Mon, 08 Jan 2018

In this week’s edition of our security roundup: HPKP and HSTS preload bypasses, a vBulletin LFI on Windows hosts and three creative sources of user input in order to exploit XSS vulnerabilities.

ROBOT Attack Revives a 19-Year Old Vulnerability

Fri, 05 Jan 2018

The ROBOT Attack revives a 19-year-old oracle vulnerability first discovered and reported by Daniel Bleichenbacher in 1998. It involves sending Client Key Exchange messages with wrong paddings while a TLS-RSA handshake is being negotiated. Vulnerable servers then enable attackers to decrypt ciphertext or sign data.

Podcast on CSP – The Last Line of XSS Defense

Tue, 05 Dec 2017

Watch episode #536 of Paul’s Security Weekly in which Sven Morgenroth, our security researcher, explains and shows how you can use Content Security Policy (CSP) to protect your website from cross-site scripting vulnerabilities.

Grammarly Vulnerability Allows Attackers To See Sensitive Data of Their Customers

Wed, 22 Nov 2017

Our security researcher discusses the potential implications of the cross-site request forgery (CSRF) issue found in Grammarly and the importance of cross-site request forgery protection.

Exploiting SSTI and XSS in the CMS Made Simple Web Application

Fri, 10 Nov 2017

Our Security Researcher found a vulnerability in a parameter in a URL in the address bar of the browser. Read more about how he did it, and how he was able to exploit it to carry out a few harmless changes.

Live Demo: Exploiting Apache Struts Vulnerabilities

Mon, 09 Oct 2017

Our CEO, Ferruh Mavituna, and Security Researcher, Sven Morgenroth, talk about the Equifax hack on Hack Naked News, and give a live demo of how to detect and exploit OGNL Expression Injection vulnerabilities in Apache Struts.


Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US

© Invicti 2025
