Author Archives Ferruh Mavituna

Our CEO, Ferruh Mavituna, explains why the framework you choose for your web applications matters. Even if you build the most secure application, when your framework is vulnerable, your application is too. He debunks some myths regarding the similarity of popular frameworks, and provides good reasons to check whether yours is secure by default. Read More

This article uses examples to explain how to develop secure web applications in Ruby on Rails that are not vulnerable to cross-site scripting vulnerabilities. Read More

A highlight of what we have done in 2016 and what features and scanning capabilities we introduced in our web application security scanners. Read More

This article looks into several techniques which Ruby on Rails developers can use to develop web applications that are not vulnerable to the notorious SQL Injection vulnerability. Read More

Use our SQL Injection Cheat Sheet to learn about the different variants of the SQL Injection vulnerability. In this cheat sheet you can find detailed technical information about SQL Injection vulnerabilities against MySQL, Microsoft SQL Server, Oracle and PostgreSQL SQL servers. Read More

Read this blog post for more information on why we are stopping the development of Netsparker Community Edition, the free SQL Injection scanner. Read More

Read about the new features Netsparker Cloud, the new online web application security scanner by Netsparker has and learn how your organization can leverage them to automatically identify vulnerabilities and security flaws in websites and web applications and ensure they are secure while saving on costs. Read More

A web security article that explains what is a DOM based cross-site scripting using real live coding examples. The article also explains why the traditional XSS remediation methods do not work and what you can do to ensure that your web applications are not vulnerable to DOM based cross-site scripting vulnerability. Read More

Netsparker Version 3.1 is a major version update. With this version of the false positive free web application security scanner Netsparker, users can scan and identify security issues in HTML5 web applications. This new version of Netsparker also includes a number of new security checks for Web 2.0 web applications, can inject JSON and XML HTTP requests, reports much more information about the target web application and much more. Read this post for a complete detailed list of what is new and improved in Netsparker 3.1 Read More

In this blog post, Ferruh Mavituna explains what he and his team has learnt from the releases of Netsparker Web Application Security Scanner. Ferruh shares his experience of how everything is done, how the team works and how every decision, even a small one might affect the whole release cycle of Netsparker. Read More

This web application security blog post explains why false positives are one of the biggest problem of today's commercial web application vulnerability scanners and also explains what the Netsparker team is doing to ensure that Netsparker Web Application Security Scanner does not report false positives when doing a web application security scan. Read More

In this web application security article, Ferruh Mavituna, explains a security issue he identified in IntenseDebate online service that could allow attackers to access information about the logged-in session of the victim. Ferruh also suggests a number of remedies for this problem which every web application developer should know of. Read More

In this blog post we explain how we built a database of keywords which will be used in Netsparker Web Application Security Scanner when doing forced browsing security checks to try and identify hidden resources in web applications during a security scan. Read More

WebRaider is a proof of concept tool to get reverse shell from an SQL Injection with one request, without using any extra channels such as TFTP or FTP to upload the initial payload. Read More

Even though Netsparker is one of the youngest automated web application security scanners on the market, it excelled in Larry Suto's web scanners comparison report by detecting more web vulnerabilities than other established scanners. Read More

When I tell someone that Netsparker is a False Positive Free web application security scanner, they’ll stare at me and think “Well, yet another lunatic!” They never actually said that but I can read it from their faces. They won’t say much assuming I’m a mad person who claims a scanner can avoid false positives and since I’m a mad person, I can be dangerous. I assume that’s why they generally choose to be silent after that claim! Read More