What we learned about API discovery from comparing runtime and edge views

Thu, 21 Aug 2025

As a CISO, my litmus test for API discovery is simple: does it find the endpoints that matter for security work we can act on? Will it give my team a clean list of testable items? To pressure-test the discovery features on the Invicti Platform and see how it stacks up, we ran an informal benchmark within our AppSec team.

Subresource Integrity (SRI) for Validating Web Resources Hosted on Third Party Services (CDNs)

Wed, 29 Jun 2016

This article explains what is Subresource Integrity (SRI), how it works and how it helps web application developers ensure a more secure web environment especially when hosting resources on third party servers and services such as Content Delivery Networks (CDNs).

Web Application Security Basics – Keeping All Your Software Up To Date

Mon, 22 May 2017

What can we learn from the Mossack Fonseca hack and the Panama Papers leak? This article highlights the repercussions of ignoring one of the most basic concepts of IT and web application security; not updating your software.

Security Weekly Talks About Web Application Security & Automation with Netsparker CEO

Mon, 22 May 2017

In this episode of Security Weekly, Netsparker CEO Ferruh Mavituna talks about automating and scaling up the process of web application security scanning.

VIDEO: What is Netsparker? An Interview with Ferruh Mavituna

Tue, 29 Mar 2016

In this video interview, Netsparker CEO and founder Ferruh Mavituna explains what is Netsparker and also talks about the technology that makes the Netsparker web vulnerability scanning technology dead-accurate.

SQL injection cheat sheet

Wed, 21 Oct 2015

The Importance of Finding All Vulnerabilities on Your Web Applications

Mon, 22 May 2017

Although compliance is mandatory, a secure web application is more important. This article explains why website owners should focus on finding and fixing all possible vulnerabilities on their web applications, even if it means doing much more than PCI DSS compliance require.

Security Weekly and Ferruh Mavituna Talk Automation and Scaling Up Web Application Security

Mon, 22 May 2017

During episode #442 of Security Weekly, Ferruh Mavituna, Paul Asadoorian, Jeffrey Man and several other web security professionals talk about the challenges of automating web application security and how companies can scale up automated web application security scanning and scan 100s and 1000s of web applications with the least possible resources.

Understanding the Differences Between Technical and Logical Web Application Vulnerabilities

Mon, 22 May 2017

Web application vulnerabilities can be split within two categories; logical and technical vulnerabilities. This post explains the main differences between these two different vulnerability categories.

The Dark Web: Black Market Websites, Script Kiddies, Hacking and more…

Tue, 31 Oct 2017

Have you ever wondered about what happens in the digital black market, or as better known the dark web? Do you know how easy it is for someone who does not have any security experience to buy a tool that can find vulnerabilities in websites and exploit them automatically? Read this article for more detailed information of how the dark web evolved and about the things you and anyone else can do with just a little bit of money.

An Easy to Use Web Application Security Scanner Means More Secure Web Applications

Mon, 22 May 2017

Most security software is very difficult to use hence businesses and organizations are failing to ensure the security of their IT assets. See how Netsparker is helping businesses ensure the long term security of their websites and web applications by developing an easy to use web application security scanner that also allows more automation.

Using Invicti To Comply With The OWASP Application Security Verification Standard When Developing Web Applications

Mon, 22 May 2017

The OWASP Application Security Verification Standard is a set of standards developed by OWASP to help developers write more secure code and web applications. This article explains how an automated web application security scanner such as Netsparker can help you comply with OWASP ASVS and develop more secure web applications.

Security Weekly Interviews Ferruh Mavituna about Web Application Security

Mon, 22 May 2017

In this interview with Security Weekly, Ferruh talks about web application security and explains how he got started, why Netsparker Enterprise is the ideal tool for large organizations who would like to ensure the security of all their web applications, explains how the false positive free vulnerability scanning technology works and much more.