Smarter, not flashier: How AI enhances DAST on the Invicti Platform

Fri, 25 Jul 2025

The AI gold rush has every existing software company adding AI-powered features for fear of missing out, and every startup promising an AI-powered revolution. At Invicti, we’ve launched a new AppSec platform with AI-powered DAST at its heart—but it’s very different from the AI snake oil and commercial LLM wrappers flooding the market.

JavaScript Scope and IntenseDebate’s Privacy Problems

Tue, 26 Apr 2011

In this web application security article, Ferruh Mavituna, explains a security issue he identified in IntenseDebate online service that could allow attackers to access information about the logged-in session of the victim. Ferruh also suggests a number of remedies for this problem which every web application developer should know of.

SVN Digger – Better Wordlists for Forced Browsing with Netsparker Web Application Security Scanner

Mon, 11 Apr 2011

In this blog post we explain how we built a database of keywords which will be used in Netsparker Web Application Security Scanner when doing forced browsing security checks to try and identify hidden resources in web applications during a security scan.

XSS to Root in Apache Jira Incident

Mon, 22 May 2017

In this blog post we explain how malicious hackers hacked into the Apache Foundation web servers and gained root access. They started by exploiting a cross-site scripting vulnerability in a web application called Jira. We scanned Jira with Netsparker and detected all of the vulnerabilities the malicious hackers exploited and more. This incident should serve as an example to all corporations to use Netsparker Web Application Security Scanner to identify and close down web application vulnerabilities.

WebRaider

Sat, 27 Feb 2010

WebRaider is a proof of concept tool to get reverse shell from an SQL Injection with one request, without using any extra channels such as TFTP or FTP to upload the initial payload.