Netsparker recognized as Gartner Peer Insights Customers' Choice.

Netsparker's Web Application Security Blog

How Web Shells Work

Category: Web Security Readings - Last Updated: Fri, 16 Oct 2020 - by Zbigniew Banach
How Web Shells Work

A web shell is a malicious script that provides an attacker with a convenient way to launch attacks using a compromised web server. Web shells can provide a permanent backdoor into web applications and related systems. Learn how web shells work, why they are dangerous, and what you can do to detect and prevent them. Read More

Netsparker Survey Reveals Executive Overconfidence in Web Security

Category: Web Security Readings - Last Updated: Tue, 13 Oct 2020 - by Zbigniew Banach
Netsparker Survey Reveals Executive Overconfidence in Web Security

How do web application security policies and programs translate into everyday practice? To find out, Netsparker commissioned a global survey of security professionals, covering a variety of roles and industries. The results should be a wake-up call for all security executives who still believe that all their web applications are secure and regularly tested. Read More

Secure by Design: Announcing the Netsparker Webinar Series

Category: Events - Last Updated: Wed, 07 Oct 2020 - by Saran Toure
Secure by Design: Announcing the Netsparker Webinar Series

Developing web applications first and securing them later is no longer a realistic approach. Organizations urgently need to move from testing only deployed applications to incorporating security from the earliest stages of development. Netsparker presents a three-part webinar series to help you make your web applications secure by design. Read More

More Than Scanning: Integrating Web Application Security

Category: Web Security Readings - Last Updated: Fri, 02 Oct 2020 - by Zbigniew Banach
More Than Scanning: Integrating Web Application Security

Ensuring security is not a one-off effort but a continuous process that needs to be integrated into the software development and testing workflows. Netsparker tightly integrates with existing tools and processes for maximum effectiveness and automation. This article shows how Netsparker fits into each stage of a secure application development process. Read More

Walk Before You Run: 5 Practical Steps to Enterprise Web Application Security

Category: Web Security Readings - Last Updated: Fri, 25 Sep 2020 - by Zbigniew Banach
Walk Before You Run: 5 Practical Steps to Enterprise Web Application Security

Every modern enterprise needs a solid web application security program, but there’s a long and winding road between making the initial decision and actually getting an effective program in place. This article shows how organizations can plan their actions to see continuous security improvements, as explained by Netsparker CEO Ferruh Mavituna. Read More

Integer Overflow Errors

Category: Web Security Readings - Last Updated: Fri, 18 Sep 2020 - by Zbigniew Banach
Integer Overflow Errors

An integer overflow happens when a program tries to store an integer value that is too big for the declared integer type. Apart from incorrect results and system instability, it can also cause buffer overflows and provide an entry point for attackers. Let's see why integer overflow errors are possible and what you can do to prevent them. Read More

Threat Modeling for Web Applications

Category: Web Security Readings - Last Updated: Fri, 11 Sep 2020 - by Zbigniew Banach
Threat Modeling for Web Applications

Threat modeling in cybersecurity is a way of identifying, listing, prioritizing, and mitigating potential threats in order to protect systems and data. This article shows how threat modeling works, how it applies to web application security, and why you should use it in your secure development process. Read More

How Netsparker Can Help with Compliance

Category: Product Docs & FAQS - Last Updated: Wed, 09 Sep 2020 - by Zbigniew Banach
How Netsparker Can Help with Compliance

Demonstrating web application compliance with various security standards and practices is crucial in many industries. To help scan applications and prepare reports for common web security compliance requirements, Netsparker comes with a host of predefined compliance checks and reports, including PCI DSS, OWASP Top 10, and HIPAA. Read More

The Difference Between Red Teaming and Penetration Testing

Category: Web Security Readings - Last Updated: Fri, 28 Aug 2020 - by Zbigniew Banach
The Difference Between Red Teaming and Penetration Testing

Red teaming is a way of testing security by simulating a real-life attack. Though often confused with penetration testing, red teaming has different objectives and uses different methods, often including physical security testing. This article looks at the differences between red team exercises and penetration testing to help you choose the best approach. Read More

5 Advantages of Ongoing Vulnerability Management Over Ad-Hoc Scanning

Category: Web Security Readings - Last Updated: Wed, 26 Aug 2020 - by Zbigniew Banach
5 Advantages of Ongoing Vulnerability Management Over Ad-Hoc Scanning

Why do organizations scan their websites and web applications for vulnerabilities? The question is not as silly as it seems, since many organizations treat vulnerability scanning as a precaution, not an integral part of their workflows. This article examines the advantages of systematic vulnerability management as compared to ad-hoc scanning. Read More