What we learned about API discovery from comparing runtime and edge views

Thu, 21 Aug 2025

As a CISO, my litmus test for API discovery is simple: does it find the endpoints that matter for security work we can act on? Will it give my team a clean list of testable items? To pressure-test the discovery features on the Invicti Platform and see how it stacks up, we ran an informal benchmark within our AppSec team.

Passwords vs. Pass Phrases – An Ideological Divide

Mon, 22 May 2017

The concept of passwords is very old and the more efficient offline password crackers are becoming, the more difficult it is for users to come up with complex passwords. This whitepaper looks into how efficient complex passwords are and highlights other alternatives to complex passwords.

What Can We Learn from Ebay Hack Attack?

Thu, 22 May 2014

ebay just confirmed that one of its services has been hacked and malicious hackers managed to get their hands on a database that contain sensitive user information such as usernames and passwords. Could such attack have been avoided? This article explains what happened and highlights a number of web security best practices to avoid having your websites and web applications hacked.

Don’t Waste Your Testing Team’s Talents – Automate the Repetitive

Mon, 22 May 2017

Many companies shy away from automated testing: it cannot replace manual testing, they reason, and so why invest so much in it? This view can be defended for user interface testing, but it falls short of the reality of web security testing, or better web vulnerability scanning. Read more and learn how an automated web vulnerability scanner can help you get the best out of your web testing and security teams

Is Your Web Vulnerability Scanner Approved by PCI?

Mon, 22 May 2017

Is the web vulnerability scanner you are using approved by PCI? This article talks about PCI and PCI DSS and explains why automated software used in PCI DSS compliance audits, such as an automated web vulnerability scanner and web security scanner cannot be approved by PCI.

Complete beginner’s guide to web application security

Wed, 29 May 2019

Working in QA? Take your Web Application Security Testing to the Next Level

Mon, 22 May 2017

As a QA professional, you are in a perfect position to add much more value to the web application security testing and vulnerabilities detection processes. Read more and learn what you can do to improve your testing skills and start incorporating more complete web application security tests in your normal QA tests.

The Importance of Planning out Web Application Security Testing

Mon, 22 May 2017

This article explains how to plan a web application vulnerability detection program to ensure that all vulnerabilities in your business web applications are identified and closed. It also explains what are the basic building blocks for a successful web security assessment.

What Changed and What you need to know about PCI DSS 3.0

Mon, 22 May 2017

The new PCI DSS version 3.0 guidelines will take effect on the 1st of January 2014 but will only be forced in 2015. Still, 1 year passes by so quickly so read this document to see what changed and what is new in the new PCI DSS 3.0 guidelines and check how it might impact your business and the security of your websites and web applications.

Why You Should Run Authenticated Web Security Scans

Mon, 22 May 2017

Do you scan all sections of your web applications, including the authenticated sections? In this blog post you will find a number of reasons why you and every other web security expert and penetration testers should run authenticated web application security scans.

PCI Compliance – The Good, The Bad, and The Insecure – Part 2

Mon, 22 May 2017

In this second part of the compliance article, the author explains in detail how each and every category in the PCI DSS requirements should be dealt with to ensure that your websites, web applications and also business are operating securely. This is the definitive guide to PCI DSS compliance every business and organization should read.

PCI Compliance – The Good, The Bad, and The Insecure

Mon, 22 May 2017

In this first part of a two part article about PCI compliance and web application security, the author looks into the history of compliance, rules and regulations and explores the common shortcomings of such rules. The author also explains why there are such shortcomings and explains that by being compliant, does not necessarily mean having secure web applications.

How to select a web application security scanner: App sec tools and solutions

Fri, 09 Aug 2019