Netsparker's Web Application Security Blog

New CVSS 3.1 Support

Category: Product Docs & FAQS - Last Updated: Wed, 01 Apr 2020 - by Oguz Kurumlu

Netsparker reports vulnerabilities against the classifications of several industry standards. The March 2020 Update for Netsparker Standard 5.7 added support for CVSS 3.1, the software industry standard for assessing and classifying web application security vulnerabilities. This classification appears in the Netsparker Standard report alongside the others.

Cybersecurity During the COVID-19 Pandemic

Category: Web Security Readings - Last Updated: Mon, 30 Mar 2020 - by Zbigniew Banach

The coronavirus outbreak has sent the world into chaos, and cybercriminals were quick to exploit this opportunity. Malware, scams, and phishing attacks related to the COVID-19 crisis are all on the rise, as are cyberattacks on healthcare providers. Here is our view of the current cybersecurity situation and our advice on staying secure during this exceptional time.

Using Content Security Policy (CSP) to Secure Web Applications

Category: Web Security Readings - Last Updated: Fri, 27 Mar 2020 - by Zbigniew Banach

Content Security Policy (CSP) is a computer security standard that provides an added layer of protection against Cross-Site Scripting (XSS), clickjacking, and other client-side attacks that rely on executing malicious content in the context of a trusted web page. This article shows how to use CSP headers to protect websites against XSS attacks and other attempts to bypass the same-origin policy.

SANS Top 25 Report

Category: Product Docs & FAQS - Last Updated: Fri, 20 Mar 2020 - by Oguz Kurumlu

The Netsparker web application security scanner incorporates several common industry vulnerability standards and protocols. The latest to be added, in the Netsparker Standard 5.6 January 2020 Update, is the SANS Top 25.

Complimentary Netsparker Licenses for Organizations Fighting COVID-19

Category: News - Last Updated: Wed, 18 Mar 2020 - by Ferruh Mavituna

The coronavirus pandemic is set to become the biggest global crisis in decades, and ensuring cybersecurity is now more important than ever. To help organizations keep their websites and web applications secure during this unprecedented global emergency, Netsparker is offering complimentary licenses to organizations involved in fighting COVID-19.

What is LDAP Injection and How to Prevent It

Category: Web Security Readings - Last Updated: Fri, 13 Mar 2020 - by Zbigniew Banach

LDAP injection attacks exploit input validation vulnerabilities to inject and execute queries against Lightweight Directory Access Protocol servers. LDAP services are crucial to the daily operation of many organizations, and a successful LDAP injection attack can provide valuable information for further attacks on databases and internal applications. This article looks at how LDAP injection works and shows how it can be prevented to improve web application security.

March 2020 Update for Netsparker Standard 5.7

Category: Releases - Last Updated: Thu, 12 Mar 2020 - by Netsparker Security Team

This blog post announces the March 2020 update for Netsparker Standard 5.7. The highlights of this release are form validation errors in the knowledge base, CVSS 3.1 support, and query-based navigation in the Scan Policy Editor. Other new features are three new security checks, hash crawling support, and an improved BREACH Attack template.

How to Define Cybersecurity Metrics for Web Applications

Category: Web Security Readings - Last Updated: Fri, 06 Mar 2020 - by Zbigniew Banach

Everyone is concerned about information security, data breaches, malware, and cyberattacks, but how do you actually measure an organization’s cybersecurity? How can you quantify the current state of cybersecurity and track improvements? Every cybersecurity program needs carefully defined cybersecurity metrics – performance indicators that provide meaningful and comparable values. This article shows how to define useful cybersecurity metrics, examines the benefits they can bring, and suggests a starter set of metrics for web application security.

February 2020 Update for Netsparker Enterprise

Category: Releases - Last Updated: Wed, 04 Mar 2020 - by Netsparker Security Team

This blog post announces the February 2020 update for Netsparker Enterprise. The new features of this release are a new Sitemap tab in reports; new integrations for Freshservice, Splunk, and YouTrack; API Technologies endpoints; a Pre-Request Script feature; a redesigned Scan Summary page; rearranged Security Check groups; and a What’s New panel.

Netsparker Exhibited at RSA 2020

Category: Events - Last Updated: Wed, 04 Mar 2020 - by Saran Toure

The RSA Conference is one of the high points of the year for the security industry, with market leaders and industry experts coming together to shape the future of security. Netsparker was proud to be among the sponsors and exhibitors of RSA 2020, which took place from February 24 to 27 at the Moscone Center in San Francisco.

Can Vulnerability Scanning Replace Penetration Testing?

Category: Web Security Readings - Last Updated: Fri, 28 Feb 2020 - by Zbigniew Banach

At first glance, penetration testing and vulnerability scanning appear to be two different names for the same basic task: finding vulnerabilities. Under pressure to reduce costs, businesses may be tempted to replace penetration testers with ever-improving vulnerability scanning solutions. In reality, vulnerability scanning and penetration testing are two very different processes, and each is vital to ensuring accurate vulnerability assessments and maintaining a solid security posture. Let’s have a closer look at both approaches and see how they can be combined to maximize web application security.

How Blind SQL Injection Works

Category: Web Security Readings - Last Updated: Fri, 21 Feb 2020 - by Zbigniew Banach

Blind SQL injection is a type of SQL injection attack where the attacker indirectly discovers information by analyzing server reactions to injected SQL queries, even though the injection results are not visible. Blind SQL injection attacks are used against web applications that are vulnerable to SQL injection but don’t directly reveal information. While more time-consuming than regular SQL injection, blind SQL injection attacks can be automated to map out the database structure and extract sensitive information from the database server.

WAF Identifier Security Check

Category: Product Docs & FAQS - Last Updated: Wed, 19 Feb 2020 - by Selman Genc

Netsparker web application security scanners use many security checks to detect vulnerabilities in a scan. The Netsparker Standard 5.6 January 2020 Update introduced a new WAF Identifier security check that is enabled by default.

The Challenges of Ensuring IoT Security

Category: Web Security Readings - Last Updated: Fri, 14 Feb 2020 - by Zbigniew Banach

It’s no secret that cybersecurity and the Internet of Things don’t go well together. Thousands of IoT devices are finding their way into homes, businesses, and many other areas of our lives, but security is rarely high on device manufacturers’ list of priorities. With no industry standards for architecture or security, devices often use custom-built operating systems and proprietary communication protocols. Internet of Things security remains a veritable minefield, and problems with IoT cyberattacks and malware can only continue to grow along with the number of devices. So why is it so hard to secure IoT devices, and what can we do about it?

Form Authentication OTP Support

Category: Product Docs & FAQS - Last Updated: Wed, 12 Feb 2020 - by Can Fill

The Netsparker Standard 5.5 November 2019 Update introduced support for form authentication using an OTP, including one obtained from a QR code. This enables you to use two alternative methods of two-factor authentication for your web applications.