Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Thu, 15 May 2025

Vibe coding is one of the hottest trends in software right now, promising to radically change how we build apps by using natural language instead of traditional programming. But beyond the buzz, what does it actually mean and what are the risks?

Second-Order Remote File Inclusion (RFI) Vulnerability Introduction & Example

Thu, 11 Jan 2018

This article provides an introduction to the Second-Order Remote File Inclusion (RFI) vulnerability, with an example, and explains how Netsparker can detect it.

Netsparker’s Weekly Security Roundup 2017 – Week 52

Mon, 08 Jan 2018

In this week’s edition of our security roundup: HPKP and HSTS preload bypasses, a vBulletin LFI on Windows hosts and three creative sources of user input in order to exploit XSS vulnerabilities.

ROBOT Attack Revives a 19-Year Old Vulnerability

Fri, 05 Jan 2018

The ROBOT Attack revives a 19-year old Oracle vulnerability first discovered and reported by Daniel Bleichenbacher in 1998. It involves sending Client Key Exchange messages with wrong paddings while a TLS-RSA handshake is being negotiated. Vulnerable servers then enabled hackers to decrypt ciphertext or sign data.

Podcast on CSP – The Last Line of XSS Defense

Tue, 05 Dec 2017

Watch episode #536 of Paul’s Security Weekly in which Sven Morgenroth, our security researcher, explains and shows how you can use Content Security Policy (CSP) to protect your website from cross-site scripting vulnerabilities.

Grammarly Vulnerability Allows Attackers To See Sensitive Data of Their Customers

Wed, 22 Nov 2017

Our security researcher discusses the potential implications of the cross-site request forgery (CSRF) issue found in Grammarly and the importance of cross-site request forgery protection.

Exploiting SSTI and XSS in the CMS Made Simple Web Application

Fri, 10 Nov 2017

Our Security Researcher found a vulnerability in a parameter in a URL in the address bar of the browser. Read more about how he did it, and how he was able to exploit it to carry out a few harmless changes.

Live Demo: Exploiting Apache Struts Vulnerabilities

Mon, 09 Oct 2017

Our CEO, Ferruh Mavituna, and Security Researcher, Sven Morgenroth, talk about the Equifax hack on Hack Naked News, and give a live demo of how to detect and exploit OGNL Expression Injection vulnerabilities in Apache Struts.

The Equifax Breach – The Signs Were There

Thu, 21 Sep 2017

A detailed report detailing about Equifax was hacked, including quotes from David Hoyt, the security researcher who identified and reported vulnerabilities on the Equifax website months before the data breach happened.

Risky Business Podcast Interviews Ferruh Mavituna on How to Find Vulnerabilities in 1,000 Web Applications

Wed, 13 Sep 2017

Listen to our CEO Ferruh Mavituna’s interview on the Risky Business podcast, in which he explains how enterprises can use their resources and the right tools to scan 1,000 web applications in just twenty-four hours.

Live Demo of How to Bypass Web Application Firewalls & Filters

Thu, 07 Sep 2017

Watch our security researcher’s live demo, during which he explains how attackers can bypass filters in web application firewalls to exploit security issues in vulnerable web applications.

Vulnerable Web Applications on Developers, Computers Allow Hackers to Bypass Corporate Firewalls

Thu, 20 Jul 2017

A detailed explanation with examples of how malicious hackers can attack vulnerable web applications typically running on developers computers to bypass firewalls and hack other web applications on the local network.

Discussing Web Vulnerability Scanning in Continuous Integration on Enterprise Security Weekly

Fri, 14 Jul 2017

Netsparker CEO Ferruh Mavituna talks about the role and importance of automated web vulnerability scanning in continuous integration environments during episode 53 of Enterprise Security Weekly.