Netsparker's Web Application Security Blog

How the POODLE Attack Spelled the End of SSL 3.0

Category: Web Security Readings - Last Updated: Fri, 03 Jul 2020 - by Zbigniew Banach

The POODLE attack exploits protocol fallback from TLS to SSL 3.0 to reveal information from encrypted HTTPS communication. Discovered in 2014, this network attack demonstrated that SSL 3.0 should never be used again, not even as a legacy fallback. This article provides a high-level overview of the POODLE vulnerability and the fate of SSL 3.0.

How to Ensure REST API Security

Category: Web Security Readings - Last Updated: Fri, 19 Jun 2020 - by Zbigniew Banach

Web application programming interfaces (APIs) provide the back end for modern web and mobile applications and account for over 80% of all web traffic. REST APIs are the most common type of web API for web services, so let’s see what you can do to ensure REST API security.

Bridging the Cybersecurity Skills Gap

Category: Web Security Readings - Last Updated: Fri, 12 Jun 2020 - by Zbigniew Banach

The global cybersecurity skills shortage is no secret. Analysts estimate that by 2021, over 4 million cybersecurity jobs will be unfilled. With cybercrime continually on the rise and information security high on the agenda of organizations, the demand for cybersecurity professionals keeps growing. The cybersecurity skills gap is real and it’s here to stay – so what can you do?

May 2020 Update for Netsparker Standard 5.8

Category: Releases - Last Updated: Thu, 14 May 2020 - by Netsparker Security Team

This blog post announces the May 2020 update for Netsparker Standard 5.8. The highlights of this release are Pivotal Tracker integration, a MIME type step for test website configuration, an improved pre-request scripting API, a fragment parsing option, and a new SameSite Cookies security check.

What Are Format String Vulnerabilities?

Category: Web Security Readings - Last Updated: Thu, 07 May 2020 - by Zbigniew Banach

Format strings are used in many programming languages to insert values into a text string. In some cases, this mechanism can be abused to perform buffer overflow attacks, extract information or execute arbitrary code. Let’s take a closer look at format string vulnerabilities and see why they exist.

April 2020 Update for Netsparker Enterprise

Category: Releases - Last Updated: Tue, 28 Apr 2020 - by Netsparker Security Team

This blog post announces the April 2020 update for Netsparker Enterprise. The new features of this release are U2F Authentication, issue synchronization for Azure DevOps and ServiceNow integrations, form validation errors in the knowledge base and reports, CVSS 3.1 support, and email reports after a scan.