Modern AppSec KPIs: Moving from scan counts to real risk reduction

Tue, 24 Jun 2025

It’s an interesting time to be leading security for a software-driven organization. The speed at which we deliver code has never been faster, and the expectations around security have also never been higher. As a result, the metrics we’ve historically used to measure application security are increasingly inadequate, even misleading.

An automated scanner that finds all OWASP Top 10 security flaws? Really?

Fri, 02 Aug 2019

Shellshock Exploit and Vulnerability Explained | Bash RCE

Thu, 09 Nov 2017

The Shellshock Bash vulnerability allows an attacker to send operating system commands to the web server operating system, thus allowing the attacker to take over the server. This web security article explains what is the Shellshock vulnerability and how you can automatically check if your web environment is vulnerable to this critical vulnerability.

Ruby on Rails Security Basics

Wed, 06 Aug 2014

How Fast is Your Web vulnerability Scanner?

Mon, 22 May 2017

There are many different factors that can affect the duration of a complete web application security test. Learn what such factors are and learn how to evaluate your security tools to ensure your business gets the best return on investment when doing web application security tests.

URL Rewrite Rules and Web Vulnerability Scanners

Tue, 23 May 2017

URL Rewrite Rules have become extremely popular in web applications but many web vulnerability scanners fall short of automatically scan such websites. Read this article to learn more on why typical web vulnerability scanners are unable to scan websites which use URL rewrite rules and what Netsparker did to allow users to easily and automatically scan websites with URL rewrite technology enabled.

What is DOM-based XSS (cross-site scripting)?

Thu, 09 May 2019

Passwords vs. Pass Phrases – Weaknesses Beyond the Password

Mon, 22 May 2017

Using strong passwords is not enough, the whole system should be built well to ensure that the underlying technology can survive a data breach, when, and not if it happens. In fact a modernized approach to password ideology is only one of the several necessary steps for a highly-secured system

Why QA Pros Should Be More Involved in Web Security

Mon, 22 May 2017

This security post explains why QA team members can be a good fit to do web application security testing and vulnerability finding and why businesses should involve more QA team members in their web application security programs.

Passwords vs. Pass Phrases – An Ideological Divide

Mon, 22 May 2017

The concept of passwords is very old and the more efficient offline password crackers are becoming, the more difficult it is for users to come up with complex passwords. This whitepaper looks into how efficient complex passwords are and highlights other alternatives to complex passwords.

What Can We Learn from Ebay Hack Attack?

Thu, 22 May 2014

ebay just confirmed that one of its services has been hacked and malicious hackers managed to get their hands on a database that contain sensitive user information such as usernames and passwords. Could such attack have been avoided? This article explains what happened and highlights a number of web security best practices to avoid having your websites and web applications hacked.

Don’t Waste Your Testing Team’s Talents – Automate the Repetitive

Mon, 22 May 2017

Many companies shy away from automated testing: it cannot replace manual testing, they reason, and so why invest so much in it? This view can be defended for user interface testing, but it falls short of the reality of web security testing, or better web vulnerability scanning. Read more and learn how an automated web vulnerability scanner can help you get the best out of your web testing and security teams

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Social Hacking of Support and Implementation Teams

An automated scanner that finds all OWASP Top 10 security flaws? Really?

Shellshock Exploit and Vulnerability Explained | Bash RCE

Ruby on Rails Security Basics

How Fast is Your Web vulnerability Scanner?

URL Rewrite Rules and Web Vulnerability Scanners

What is DOM-based XSS (cross-site scripting)?

Passwords vs. Pass Phrases – Weaknesses Beyond the Password

Why QA Pros Should Be More Involved in Web Security

Passwords vs. Pass Phrases – An Ideological Divide

What Can We Learn from Ebay Hack Attack?

Don’t Waste Your Testing Team’s Talents – Automate the Repetitive