The risks of doing vulnerability testing and management for compliance only

Wed, 28 May 2025

In this instalment of CISO’s Corner, we deal with the pitfalls of mistaking compliance for security and see how adopting a risk-based mindset helps you stay secure in the real world while still checking all the right boxes.

The Equifax Breach – The Signs Were There

Thu, 21 Sep 2017

A detailed report detailing about Equifax was hacked, including quotes from David Hoyt, the security researcher who identified and reported vulnerabilities on the Equifax website months before the data breach happened.

Risky Business Podcast Interviews Ferruh Mavituna on How to Find Vulnerabilities in 1,000 Web Applications

Wed, 13 Sep 2017

Listen to our CEO Ferruh Mavituna’s interview on the Risky Business podcast, in which he explains how enterprises can use their resources and the right tools to scan 1,000 web applications in just twenty-four hours.

Live Demo of How to Bypass Web Application Firewalls & Filters

Thu, 07 Sep 2017

Watch our security researcher’s live demo, during which he explains how attackers can bypass filters in web application firewalls to exploit security issues in vulnerable web applications.

Vulnerable Web Applications on Developers, Computers Allow Hackers to Bypass Corporate Firewalls

Thu, 20 Jul 2017

A detailed explanation with examples of how malicious hackers can attack vulnerable web applications typically running on developers computers to bypass firewalls and hack other web applications on the local network.

Discussing Web Vulnerability Scanning in Continuous Integration on Enterprise Security Weekly

Fri, 14 Jul 2017

Netsparker CEO Ferruh Mavituna talks about the role and importance of automated web vulnerability scanning in continuous integration environments during episode 53 of Enterprise Security Weekly.

Collision Based Hashing Algorithm Disclosure

Wed, 10 Jan 2018

This detailed article explains how you can use the Collision Based Hashing Algorithm Disclosure method to check if the target web application uses the weak SHA-1 hashing algorithm to hash the users’ passwords.

The Advantage of Heuristic Over Signature Based Web Vulnerability Scanners

Thu, 29 Jun 2017

This article explains how both the heuristic and signature based web application security scanners work. It also explains the pros and cons of both types of scanners.

Infosecurity Europe 2017 Tech Talk: Scaling-Up & Automating Web Application Security

Tue, 20 Jun 2017

Watch our CEO’s tech talk about the challenges of automating and scaling-up web application security. Ferruh delivered this presentation at Infosecurity Europe 2017, one of Europe’s biggest IT security conferences.

XSS, CSRF & Other Vulnerabilities in CubeCart Web Application

Fri, 12 Jan 2018

This article explains in details the various vulnerabilities Netsparker’s security researchers identified in CubeCart, an open source ecommerce solution.

Demo: Exploiting a Blind XSS & Second Order SQL Injection

Thu, 11 May 2017

How you can disable directory listing on your web server—and why you should

Wed, 01 May 2024

Preventing Cross-site Scripting Vulnerabilities When Developing Ruby on Rails Web Applications

Wed, 19 Apr 2017

This article uses examples to explain how to develop secure web applications in Ruby on Rails that are not vulnerable to cross-site scripting vulnerabilities.