Netsparker's Web Application Security Blog

Netsparker GDPR Survey: 10 Percent of C-Level Security Execs Say GDPR Will Cost Them $1M+

Category: News - Last Updated: Thu, 12 Apr 2018 - by Robert Abela

Press Release | We surveyed international C-Level Executives about their compliance plans for the EU's upcoming GDPR. This update contains the survey results, which show that affected companies are serious about compliance and aware of the costs involved. It also reveals which industries are most affected and which are least prepared.

Netsparker Surveys US Based C-Levels on GDPR Compliance

Category: Web Security Readings - Last Updated: Thu, 12 Apr 2018 - by Robert Abela

GDPR, the new EU privacy regulation, applies to all businesses that handle the personal data (such as email addresses) of EU citizens. We surveyed over 300 US C-Level leaders to find out whether they were ready, how many new employees they needed, how much they were spending and the impact the regulation would have on data breaches.

Introducing the Same-origin Policy Whitepaper

Category: Web Security Readings - Last Updated: Fri, 06 Apr 2018 - by Dawn Baird

This blog post outlines the contents of our Same-origin Policy Whitepaper: The Definitive Guide to Same-origin Policy. It includes a discussion of SOP misconceptions and implementations. It was written jointly by Alex Baker, an independent Security Researcher, together with Ziyahan Albeniz and Emre Iyidogan, two of Netsparker's Security Researchers.

Why You Should Never Pass Untrusted Data to Unserialize When Writing PHP Code

Category: Web Security Readings - Last Updated: Thu, 29 Mar 2018 - by Sven Morgenroth

Unserialize is a PHP function that, while often classified as a security risk, is seldom defined. This article explains the vulnerability and contains a PHP Classes Crash Course that includes properties and 'magic methods'. It uses examples to illustrate the basic concepts of Deserialization, PHP Object Injection and Class Autoloading in PHP.

Facebook & Cambridge Analytica Data Breach

Category: Web Security Readings - Last Updated: Tue, 27 Mar 2018 - by Dawn Baird

This blog post examines the Facebook and Cambridge Analytica Data Breach news, asks what might change at Facebook and discusses whether users or organisations are responsible. It also examines whether data portability or security is the priority and sets out some basic questions web application vendors need to ask of their data security policies.

Sven Morgenroth Explains & Demos Same-origin Policy and How to Circumvent it

Category: Web Security Readings - Last Updated: Thu, 22 Mar 2018 - by Robert Abela

Watch episode #550 of Enterprise Security Weekly in which Sven Morgenroth, our Security Researcher, talks about the Same-origin Policy, its origin, how it works as a security measure, and the dangers of various incorrect implementations. The show includes slides and a demo of four exploits that abuse mistakes developers make when circumventing SOP.

Securing Netsparker Cloud by Restricting IP Addresses

Category: Product Docs & FAQS - Last Updated: Wed, 21 Mar 2018 - by Burak Aydin

This article explains Netsparker Cloud's new IP Address Restrictions feature and how it enables organisations to control access to the Netsparker Cloud dashboard based on IP Address. This includes instructions on how to enable IP Address Restrictions and add Trusted IP Addresses.

Ferruh Mavituna Talks About Web Security on Enterprise Security Weekly Podcast

Category: Web Security Readings - Last Updated: Thu, 15 Mar 2018 - by Robert Abela

Watch episode #81 of Enterprise Security Weekly in which Ferruh Mavituna, our CEO, talks about Netsparker's current focus, the role of web application vulnerabilities in data breaches, honesty in the web application security industry, dynamic and static analysis tools, enterprise requirements for scalability, IoT and his conference plans for April.

Netsparker and Brinqa to Partner on Web Application Security Webinar

Category: Events - Last Updated: Thu, 08 Mar 2018 - by Robert Abela

In this webinar, our CEO, Ferruh Mavituna, and Director of Product at Brinqa, Syed Abdur, will discuss the exposed attack surface that is responsible for most data breaches. They will examine how organizations can integrate Netsparker and Brinqa into the SDLC to help confidently manage security vulnerabilities and build resilient web applications.

Netsparker Raises $40 Million to Accelerate Growth of Leading Web Application Security Software

Category: News - Last Updated: Thu, 08 Mar 2018 - by Robert Abela

Press Release | We are delighted to announce that an investment of $40 Million by San Francisco-based growth and private equity fund, Turn River Capital, will accelerate product development, marketing and sales team expansion, and acquisitions at Netsparker to support the increased enterprise level demand for web application security software.

February 2018 Netsparker Cloud Update

Category: Releases - Last Updated: Wed, 07 Mar 2018 - by Robert Abela

Our latest news is about the first Netsparker Cloud update of 2018: new integration plugins for both TeamCity and Jenkins, which will enable you to further integrate vulnerability scanning into your Software Development Lifecycle. The plugins are available via a new Integration menu in Netsparker Cloud and are set up through a wizard.

How to Integrate Netsparker Into Your Existing SDLC

Category: Product Docs & FAQS - Last Updated: Tue, 06 Mar 2018 - by Duran Serkan Kilic

This article explains how to integrate Netsparker into your existing Software Development Lifecycle. It also provides instructions on how to view Continuous Integration information in Netsparker's Status window and in the Scan Report, how to configure Username Mappings, and how to disable the automatic creation and assignment of issues to the code committer.

GDPR Article 32: Security of Data Processing

Category: Web Security Readings - Last Updated: Wed, 28 Feb 2018 - by Sven Morgenroth

This article provides a short introduction to Article 32 of the General Data Protection Regulation (GDPR), the latest EU regulation which deals with the security of Personal Data Processing. It also includes some practical suggestions for keeping organizations' personal data secure.