What your vulnerability scanner won’t find: Limitations of automated testing

Security Weekly and Ferruh Mavituna Talk Automation and Scaling Up Web Application Security

Mon, 22 May 2017

During episode #442 of Security Weekly, Ferruh Mavituna, Paul Asadoorian, Jeffrey Man and several other web security professionals talk about the challenges of automating web application security and how companies can scale up automated web application security scanning and scan 100s and 1000s of web applications with the least possible resources.

Understanding the Differences Between Technical and Logical Web Application Vulnerabilities

Mon, 22 May 2017

Web application vulnerabilities can be split within two categories; logical and technical vulnerabilities. This post explains the main differences between these two different vulnerability categories.

The Dark Web: Black Market Websites, Script Kiddies, Hacking and more…

Tue, 31 Oct 2017

Have you ever wondered about what happens in the digital black market, or as better known the dark web? Do you know how easy it is for someone who does not have any security experience to buy a tool that can find vulnerabilities in websites and exploit them automatically? Read this article for more detailed information of how the dark web evolved and about the things you and anyone else can do with just a little bit of money.

An Easy to Use Web Application Security Scanner Means More Secure Web Applications

Mon, 22 May 2017

Most security software is very difficult to use hence businesses and organizations are failing to ensure the security of their IT assets. See how Netsparker is helping businesses ensure the long term security of their websites and web applications by developing an easy to use web application security scanner that also allows more automation.

Using Invicti To Comply With The OWASP Application Security Verification Standard When Developing Web Applications

Mon, 22 May 2017

The OWASP Application Security Verification Standard is a set of standards developed by OWASP to help developers write more secure code and web applications. This article explains how an automated web application security scanner such as Netsparker can help you comply with OWASP ASVS and develop more secure web applications.

Security Weekly Interviews Ferruh Mavituna about Web Application Security

Mon, 22 May 2017

In this interview with Security Weekly, Ferruh talks about web application security and explains how he got started, why Netsparker Enterprise is the ideal tool for large organizations who would like to ensure the security of all their web applications, explains how the false positive free vulnerability scanning technology works and much more.

Netsparker Enterprise or Netsparker Desktop?

Tue, 23 May 2017

Should you use the desktop edition of Netsparker or go for Netsparker Enterprise, the new online web application security scanner? This article talks about the scope of both products and explains in detail what they are to help you better understand both products and choose the best solution.

What Can You Learn from 87 Advisories About Web Application Vulnerabilities?

Mon, 22 May 2017

This article looks into the details of all the 87 advisories Netsparker published about SQL Injection, XSS and other vulnerabilities Netsparker Web Application Security Scanner identified in several open source web applications. It uses statistics to highlight the state of security of both open source and non open source web applications.

Passwords vs. Pass Phrases – Innovation and Evolution

Mon, 22 May 2017

This third and last password paper looks into new innovations and evolution of passwords and authentication mechanisms. It looks into what other options there are available should we opt for something more secure than passwords and pass phrases.

Social Hacking of Support and Implementation Teams

Mon, 22 May 2017

Customer facing teams such as support and customer service are typically the target of social engineering attacks because even though typically they are the weakest link in a company’s security strategy, they hace access to some of the most sensitive information.

An automated scanner that finds all OWASP Top 10 security flaws? Really?

Fri, 02 Aug 2019

Shellshock Exploit and Vulnerability Explained | Bash RCE

Thu, 09 Nov 2017

The Shellshock Bash vulnerability allows an attacker to send operating system commands to the web server operating system, thus allowing the attacker to take over the server. This web security article explains what is the Shellshock vulnerability and how you can automatically check if your web environment is vulnerable to this critical vulnerability.