A voyage of discovery: Talking APIs with Frank Catucci and Dan Murphy

API security is not just another box to tick but a critical part of any modern web application security program—if you can tame sprawl both for APIs and for the tools to find and test them. With Invicti now offering API discovery and vulnerability testing on a single platform, we sat down with Invicti’s CTO, Frank Catucci, and Chief Architect, Dan Murphy, to get the straight deal on API security directly from the experts.

14 years of SQL injection history and still the most dangerous vulnerability

Getting developers on board to transition from part of the problem to part of the process

Are your web application developers key players in the web application security equation? They are often the unsung heroes who help prevent many security problems from ever occurring, or closing down web vulnerabilities once identified. Yet in the real world they are often portrayed as a large part of the security problem. It doesn’t have to be that way.

Shared Hosting and Web Application Security – The Opposites

Shared hosting might be an affordable solution for many businesses and startups, but because of the way shared hosting works web application security is not in your control. Read about all the pitfalls of shared web hosting and what you should look for when choosing a hosting provider for your web applications.

Should you pay for a Web Application Security Scanner?

If you ask 10 web security specialists which is their favorite web vulnerability scanner, most probably you will get 30 different answers. Digging deeper you will also find that while some prefer to use free tools, several others prefer to rely on a commercial web vulnerability scanning solution. This web security blog post highlights the differences between free web security tools and commercial web application security scanners.

Web Application Security Testing should be part of QA Testing

Web vulnerability scanning should form part of the normal QA process when developing web applications to ensure that a business develops and releases secure web applications. Unless project managers start classifying security vulnerabilities and other web application security issues as normal functionality bugs, web developers will keep on developing vulnerable web applications.

Why Web Vulnerability Testing Needs to be Automated

There are several pitfalls in web application security and one of them is sticking to manual audits only. This blog posts highlights the benefits of automating the process of finding vulnerabilities and other security issues in modern web applications. It also looks into the common pitfalls encountered by web security specialists when trying to identify all web application vulnerabilities manually.

OWASP Top 10 2017 web application vulnerabilities

In this article, we look into all the vulnerabilities listed in the OWASP Top 10 list of most critical web application weaknesses for 2017.

An XSS Vulnerability is Worth up to $10,000 According to Google

Google are willing to pay up to $10,000 to anyone who discovers a cross-site scripting vulnerability in one of their web applications. Why are Google doing so? Definitely not by coincidence. By exploiting a cross-site scripting vulnerability a malicious hacker can easily gain administrative access on a web application, gain control over it and where possible infiltrate deeper into the corporate network. Read this blog post for more information about the impact an exploited XSS can have on your business.

The Dangerous Complexity of Web Application Security

Modern web applications are becoming so complex that it is virtually impossible to check every possible attack vector and ensure it is not vulnerable without using an automated tool, such as Netsparker Web Application Security Scanner. The same applies for the modern trend of web application vulnerabilities, some of them can only be reproduced using automated means. Hence why the more complex a web application is, the bigger the need to use an automated web vulnerability scanner to identify vulnerabilities before malicious hackers do.

How to choose the right web security scanner to reduce false negatives

What are false negatives and why can automated web application security scanners fail to detect a vulnerability? This post explains what false negatives are and what to look for when searching for an automated web vulnerability scanner to ensure that it detects all vulnerabilities without leaving security gaps for malicious attackers to exploit.

Web Application Security Misconception; Are All Vulnerabilities Equally Dangerous?

In this web application security blog post, Robert Abela talks about a common misconception in the web security industry; are all vulnerabilities equally dangerous? Abela explains and answers this common misconception using an example with two of the most popular web application vulnerabilities typically listed in OWASP Top 10; Cross-site scripting (XSS) and SQL Injection.

Businesses Need Automated Web Application Security Scanners to Detect Web Vulnerabilities

This web application security articles highlights the reasons why businesses should use automated web application security scanners such as Netsparker to identify all vulnerabilities in their web applications. Automated web application security scanners can identify vulnerabilities from the OWASP Top 10 and much more, which are typically exploited by malicious hackers.