Web Security Blog

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Tue, 24 Jun 2025

It’s an interesting time to be leading security for a software-driven organization. The speed at which we deliver code has never been faster, and the expectations around security have also never been higher. As a result, the metrics we’ve historically used to measure application security are increasingly inadequate, even misleading.

Read more

How To Select a DAST Scanner: DAST Solutions & Tools

Fri, 06 Dec 2024

CWE Top 25 for 2024: XSS, SQLi, buffer overflows top the list

Wed, 27 Nov 2024

How to prevent SQL injection

Thu, 21 Nov 2024

How the BEAST attack works: Reading encrypted data without decryption

Thu, 14 Nov 2024

Invicti Security

Doubling down on components: SCA and Container Security on the Invicti platform

Mon, 11 Nov 2024

3 AppSec headaches you can cure with Predictive Risk Scoring

Fri, 25 Oct 2024

Injection Attacks in App Sec: Types, tools, examples

Fri, 18 Oct 2024

Layered security testing is the way—and DAST is what holds the layers together

Thu, 10 Oct 2024

Insecure deserialization in web applications

Fri, 04 Oct 2024

From radio waves to AppSec: Introducing Invicti’s AppSec Serialized podcast

Wed, 25 Sep 2024

Debunking the top 5 myths about DAST

Fri, 20 Sep 2024

The Helix Files: Choose Your Own Adventure

Fri, 13 Sep 2024