Web Security Blog

What we learned about API discovery from comparing runtime and edge views

Thu, 21 Aug 2025

As a CISO, my litmus test for API discovery is simple: does it find the endpoints that matter for security work we can act on? Will it give my team a clean list of testable items? To pressure-test the discovery features on the Invicti Platform and see how it stacks up, we ran an informal benchmark within our AppSec team.

Read more

Types of information disclosure vulnerabilities

Tue, 11 Mar 2025

Missing X-Frame-Options header? You should be using CSP anyway

Fri, 07 Mar 2025

How to implement DAST: A complete guide to dynamic application security testing

Fri, 28 Feb 2025

Missing HTTP security headers: Avoidable risk, easy fix

Thu, 20 Feb 2025

DAST vs. penetration testing: Key similarities and differences

Wed, 12 Feb 2025

DAST vs. SAST: Getting real on static and dynamic application security testing

Fri, 07 Feb 2025

7 principles of secure design in software development security

Tue, 04 Feb 2025

Is DAST only for web applications? A fact-check on vulnerability scanning

Fri, 31 Jan 2025

Invicti Security

What is vulnerability scanning and how do web vulnerability scanners work?

Fri, 24 Jan 2025

The three pillars of application security: A cybersecurity expert’s perspective

Mon, 20 Jan 2025

The role of an API scanner in API security

Mon, 13 Jan 2025

3 types of vulnerability scanners that matter for application security

Thu, 09 Jan 2025