Web Security Blog

The risks of doing vulnerability testing and management for compliance only

Wed, 28 May 2025

In this instalment of CISO’s Corner, we deal with the pitfalls of mistaking compliance for security and see how adopting a risk-based mindset helps you stay secure in the real world while still checking all the right boxes.

Read more

How to prevent CSRF attacks by using anti-CSRF tokens

Mon, 16 Dec 2024

How To Select a DAST Scanner: DAST Solutions & Tools

Fri, 06 Dec 2024

CWE Top 25 for 2024: XSS, SQLi, buffer overflows top the list

Wed, 27 Nov 2024

How to prevent SQL injection

Thu, 21 Nov 2024

How the BEAST attack works: Reading encrypted data without decryption

Thu, 14 Nov 2024

Invicti Security

Doubling down on components: SCA and Container Security on the Invicti platform

Mon, 11 Nov 2024

3 AppSec headaches you can cure with Predictive Risk Scoring

Fri, 25 Oct 2024

Injection Attacks in App Sec: Types, tools, examples

Fri, 18 Oct 2024

Layered security testing is the way—and DAST is what holds the layers together

Thu, 10 Oct 2024

Insecure deserialization in web applications

Fri, 04 Oct 2024

From radio waves to AppSec: Introducing Invicti’s AppSec Serialized podcast

Wed, 25 Sep 2024

Debunking the top 5 myths about DAST

Fri, 20 Sep 2024