SQL Injection Cheat Sheet

Category: Web Security Readings - Last Updated: Wed, 21 Oct 2015 - by Ferruh Mavituna

Use our SQL Injection Cheat Sheet to learn about the different variants of the SQL Injection vulnerability. In this cheat sheet you can find detailed technical information about SQL Injection vulnerabilities against MySQL, Microsoft SQL Server, Oracle and PostgreSQL database servers. Read More

DOM Based Cross-site Scripting Vulnerability

Category: Web Security Readings - Last Updated: Mon, 14 Jul 2014 - by Ferruh Mavituna

A web security article that explains what DOM based cross-site scripting is, using real live coding examples. The article also explains why the traditional XSS remediation methods do not work and what you can do to ensure that your web applications are not vulnerable to DOM based cross-site scripting vulnerabilities. Read More

The Wait is Over, Netsparker 3.1 is Here with Full HTML5 Support

Category: Releases - Last Updated: Thu, 26 Oct 2017 - by Ferruh Mavituna

Netsparker Version 3.1 is a major version update. With this version of the false positive free web application security scanner Netsparker, users can scan and identify security issues in HTML5 web applications. This new version of Netsparker also includes a number of new security checks for Web 2.0 web applications, can inject JSON and XML HTTP requests, reports much more information about the target web application, and much more. Read this post for a complete and detailed list of what is new and improved in Netsparker 3.1. Read More

5 Lessons We Have learnt from Netsparker Software Releases

Category: News - Last Updated: Thu, 02 Feb 2012 - by Ferruh Mavituna

In this blog post, Ferruh Mavituna explains what he and his team have learnt from the releases of Netsparker Web Application Security Scanner. Ferruh shares his experience of how everything is done, how the team works, and how every decision, even a small one, might affect the whole release cycle of Netsparker. Read More

How Netsparker ensures False Positives Free Web Vulnerability Scans

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Ferruh Mavituna

This web application security blog post explains why false positives are one of the biggest problems of today's commercial web application vulnerability scanners, and also explains what the Netsparker team is doing to ensure that Netsparker Web Application Security Scanner does not report false positives when doing a web application security scan. Read More


Category: Web Security Readings - Last Updated: Sat, 27 Feb 2010 - by Ferruh Mavituna

WebRaider is a proof of concept tool to get reverse shell from an SQL Injection with one request, without using any extra channels such as TFTP or FTP to upload the initial payload. Read More

False Positive Free Scanning

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Ferruh Mavituna

When I tell someone that Netsparker is a False Positive Free web application security scanner, they’ll stare at me and think “Well, yet another lunatic!” They never actually said that but I can read it from their faces. They won’t say much assuming I’m a mad person who claims a scanner can avoid false positives and since I’m a mad person, I can be dangerous. I assume that’s why they generally choose to be silent after that claim! Read More