The risks of doing vulnerability testing and management for compliance only

Remote Code Evaluation (Execution) Vulnerability

Tue, 01 Nov 2016

This article explains what the Remote Code Evaluation (execution) vulnerability is and how attackers can exploit it. The article also explains of what you should do as a developer to prevent this vulnerability.

Paul’s Security Weekly #483 – Netsparker CEO Talks on CSRF, WAFs, Selenium and CSP

Mon, 10 Oct 2016

Ferruh Mavituna, Netsparker’s CEO and founder talks at length about web application security testing, the SQL Injection vulnerability and the security standard Content Security Policy (CSP) in the popular podcast Paul’s Security Weekly, episode number 483.

Exploiting a CSRF Vulnerability in MongoDB Rest API

Fri, 23 Sep 2016

This article explains how attackers can exploit a Cross-site Request Forgery (CSRF) vulnerability in the MongoDB REST API to extract data from the database of the vulnerable database management system.

CRLF injection, HTTP response splitting, and HTTP header injection vulnerabilities

Thu, 23 May 2019

What is a local file inclusion vulnerability?

Fri, 10 May 2019

SameSite Cookie Attribute: Preventing CSRF SameSite Exploits

Tue, 23 Aug 2016

This article looks into the details of how the Same-Site cookie attribute works and how it can be used to help prevent malicious cross-site request forgery (CSRF) attacks.

What is the command injection vulnerability?

Thu, 04 Jul 2019

Yandex Browser Vulnerability Allows Attackers to Steal Victim’s Browsing Data

Tue, 09 Aug 2016

This post explains how a malicious hacker can exploit a CSRF vulnerability in the Yandex browser that would allow them to get hold of the victim’s confidential browsing data, including bookmarks, browsing history and also saved usernames and passwords.

Web Application Security and the SDLC Discussed on the Virtualization and Cloud Security Podcast

Mon, 22 May 2017

Ferruh Mavituna, Netsparker’s CEO talks about web application security automation and scalability with Edward Haletky in episode 17 of the Virtualizastion and Cloud Security Podcast.

Subresource Integrity (SRI) for Validating Web Resources Hosted on Third Party Services (CDNs)

Wed, 29 Jun 2016

This article explains what is Subresource Integrity (SRI), how it works and how it helps web application developers ensure a more secure web environment especially when hosting resources on third party servers and services such as Content Delivery Networks (CDNs).

Web Application Security Basics – Keeping All Your Software Up To Date

Mon, 22 May 2017

What can we learn from the Mossack Fonseca hack and the Panama Papers leak? This article highlights the repercussions of ignoring one of the most basic concepts of IT and web application security; not updating your software.

Security Weekly Talks About Web Application Security & Automation with Netsparker CEO

Mon, 22 May 2017

In this episode of Security Weekly, Netsparker CEO Ferruh Mavituna talks about automating and scaling up the process of web application security scanning.