What is ASPM, or application security posture management?

Tue, 17 Jun 2025

ASPM tools promise a unified view of application security by aggregating data from testing tools like DAST, SAST, and SCA—but they don’t generate insights on their own. This post breaks down how ASPM works, where it adds value, and how a DAST-first platform like Invicti can offer many of the same capabilities but with validated and actionable results from its own security testing.

Shellshock Exploit and Vulnerability Explained | Bash RCE

Thu, 09 Nov 2017

The Shellshock Bash vulnerability allows an attacker to send operating system commands to the web server operating system, thus allowing the attacker to take over the server. This web security article explains what is the Shellshock vulnerability and how you can automatically check if your web environment is vulnerable to this critical vulnerability.

Ruby on Rails Security Basics

Wed, 06 Aug 2014

How Fast is Your Web vulnerability Scanner?

Mon, 22 May 2017

There are many different factors that can affect the duration of a complete web application security test. Learn what such factors are and learn how to evaluate your security tools to ensure your business gets the best return on investment when doing web application security tests.

URL Rewrite Rules and Web Vulnerability Scanners

Tue, 23 May 2017

URL Rewrite Rules have become extremely popular in web applications but many web vulnerability scanners fall short of automatically scan such websites. Read this article to learn more on why typical web vulnerability scanners are unable to scan websites which use URL rewrite rules and what Netsparker did to allow users to easily and automatically scan websites with URL rewrite technology enabled.

What is DOM-based XSS (cross-site scripting)?

Thu, 09 May 2019

Passwords vs. Pass Phrases – Weaknesses Beyond the Password

Mon, 22 May 2017

Using strong passwords is not enough, the whole system should be built well to ensure that the underlying technology can survive a data breach, when, and not if it happens. In fact a modernized approach to password ideology is only one of the several necessary steps for a highly-secured system

Why QA Pros Should Be More Involved in Web Security

Mon, 22 May 2017

This security post explains why QA team members can be a good fit to do web application security testing and vulnerability finding and why businesses should involve more QA team members in their web application security programs.

Passwords vs. Pass Phrases – An Ideological Divide

Mon, 22 May 2017

The concept of passwords is very old and the more efficient offline password crackers are becoming, the more difficult it is for users to come up with complex passwords. This whitepaper looks into how efficient complex passwords are and highlights other alternatives to complex passwords.

What Can We Learn from Ebay Hack Attack?

Thu, 22 May 2014

ebay just confirmed that one of its services has been hacked and malicious hackers managed to get their hands on a database that contain sensitive user information such as usernames and passwords. Could such attack have been avoided? This article explains what happened and highlights a number of web security best practices to avoid having your websites and web applications hacked.

Don’t Waste Your Testing Team’s Talents – Automate the Repetitive

Mon, 22 May 2017

Many companies shy away from automated testing: it cannot replace manual testing, they reason, and so why invest so much in it? This view can be defended for user interface testing, but it falls short of the reality of web security testing, or better web vulnerability scanning. Read more and learn how an automated web vulnerability scanner can help you get the best out of your web testing and security teams

Is Your Web Vulnerability Scanner Approved by PCI?

Mon, 22 May 2017

Is the web vulnerability scanner you are using approved by PCI? This article talks about PCI and PCI DSS and explains why automated software used in PCI DSS compliance audits, such as an automated web vulnerability scanner and web security scanner cannot be approved by PCI.

Complete beginner’s guide to web application security

Wed, 29 May 2019