Web Security Blog

The risks of doing vulnerability testing and management for compliance only

Wed, 28 May 2025

In this instalment of CISO’s Corner, we deal with the pitfalls of mistaking compliance for security and see how adopting a risk-based mindset helps you stay secure in the real world while still checking all the right boxes.

Read more

Course: Introduction to Web Application Penetration Testing

Mon, 22 May 2017

This detailed course explains the different stages of a thorough web application security and penetration test. Using both videos and slides, this course is ideal for anyone who would like to get started with web application security and using an automated web vulnerability scanner.

What is an open redirection vulnerability and how to prevent it

Fri, 19 Jul 2019

How I Hacked my Smart TV from My Bed via a Command Injection

Thu, 06 Apr 2017

This article explains how I was able to exploit a command injection vulnerability in my Smart TV and use Netcat to gain remote shell access on the TV set.

Ferruh Talks About Netsparker Hawk on Paul’s Security Weekly #506

Tue, 23 May 2017

In episode #506 of Paul’s Security Weekly, our founder and CEO Ferruh Mavituna explains how Netsparker Hawk detects out-of-band vulnerabilities in web applications.

Information Disclosure Vulnerability, Attacks, and Example

Wed, 19 Jun 2019

What is remote file inclusion?

Thu, 04 Jul 2019

What is SQL Injection?

Thu, 12 Oct 2017

What is SQL injection? The SQL injection vulnerability allows malicious hackers to inject arbitrary code in SQL queries, thus being able to directly retrieve and alter data stored in a website’s database.

Missing Function Level Access Control Vulnerabilities in Maian Support Helpdesk Allow Complete Take Over of the System

Wed, 22 Feb 2017

This article looks into the details of how malicious hackers can exploit a number of missing function level access control vulnerabilities to take over an installation of Maian Support Helpdesk, a web application developed in php.

Steam Gaming & Entertainment Platform Vulnerable to Cross-site Scripting Vulnerability

Thu, 09 Feb 2017

This article looks into the technical details of the cross-site scripting vulnerability (XSS) that the Steam entertainment platform was vulnerable to. It also explains how the attackers could exploit this vulnerability.

Keeping your Web applications in check with HIPAA compliance

Mon, 22 May 2017

HIPAA compliance is more than simply checking boxes and meeting the minimum audit requirements. You should ensure your web applications are secure and use the compliance act as a guideline.

Identifying WordPress Websites On Local Networks (behind Firewalls) and Bruteforcing the Login Pages

Mon, 22 May 2017

This article explains how attackers can use the XSHM attack to identify WordPress websites running on internal networks and behind firewalls, and also launch a login bruteforce attack against them.

SQL Injection Prevention Techniques for Ruby on Rails Web Applications

Wed, 14 Dec 2016

This article looks into several techniques which Ruby on Rails developers can use to develop web applications that are not vulnerable to the notorious SQL injection vulnerability.