Web Security Blog

Invicti Security

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Thu, 15 May 2025

Vibe coding is one of the hottest trends in software right now, promising to radically change how we build apps by using natural language instead of traditional programming. But beyond the buzz, what does it actually mean and what are the risks?

Read more

HTTP security headers: An easy way to harden your web applications

Fri, 06 Sep 2024

The OWASP API Security Top 10 demystified

Thu, 29 Aug 2024

What’s the big deal with post-quantum cryptography?

Fri, 16 Aug 2024

Invicti Security

How the DORA framework mandates application security testing (and many other things)

Tue, 06 Aug 2024

A voyage of discovery: Talking APIs with Frank Catucci and Dan Murphy

Thu, 25 Jul 2024

All in one place: Discovery and security testing across your APIs and applications

Tue, 16 Jul 2024

XSS filter evasion: Why filtering doesn’t stop cross-site scripting

Thu, 11 Jul 2024

Polyfill supply chain attack: What to do when your CDN goes evil

Thu, 27 Jun 2024

How to prevent XSS attacks

Thu, 20 Jun 2024

Invicti Security

What the OWASP Top 10 for LLM applications tells us about generative AI security

Thu, 13 Jun 2024

Making sense of AppSec vs. DevSecOps

Thu, 06 Jun 2024

How bad is a missing Content-Type header?

Thu, 23 May 2024