The Dangerous Complexity of Web Application Security

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

Modern web applications are becoming so complex that it is virtually impossible to check every possible attack vector and ensure the application is not vulnerable without using an automated tool, such as Netsparker Web Application Security Scanner. The same applies to the modern trend of web application vulnerabilities: some of them can only be reproduced using automated means. Hence, the more complex a web application is, the bigger the need to use an automated web vulnerability scanner to identify vulnerabilities before malicious hackers do.

False Negatives in Web Application Security

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

What are false negatives, and what causes automated web application security scanners to not detect a vulnerability? In this web application security blog post, Robert Abela explains what false negatives are and what to look for when searching for an automated web vulnerability scanner to ensure that it detects all vulnerabilities and leaves no false negatives behind for malicious attackers to exploit.

South African Police Web Application for Whistleblowers Hacked via SQL Injection

Category: News - Last Updated: Tue, 28 May 2013 - by Robert Abela

An exploited web application vulnerability such as an SQL injection can have many repercussions. For example, in this particular case, by exploiting an SQL injection vulnerability, malicious hackers published a list of whistleblowers in South Africa, endangering their lives. This example highlights the importance of identifying each and every web application vulnerability, since a malicious hacker only needs to exploit one. Full details about the attack are in this blog post.

Web Application Security Misconception; Are All Vulnerabilities Equally Dangerous?

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

In this web application security blog post, Robert Abela talks about a common misconception in the web security industry: are all vulnerabilities equally dangerous? Abela explains and answers this common misconception using an example with two of the most popular web application vulnerabilities typically listed in the OWASP Top 10: cross-site scripting (XSS) and SQL injection.

The Problem of False Positives in Web Application Security and How to Tackle Them

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

This web application security blog post explains what false positives are in web application security and what negative impact they have on web security experts. It also explains why common automated web security tools generate false positives and how Netsparker Web Application Security Scanner does not report any false positives at all.

Businesses Need Automated Web Application Security Scanners to Detect Web Vulnerabilities

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

This web application security article highlights the reasons why businesses should use automated web application security scanners such as Netsparker to identify all vulnerabilities in their web applications. Automated web application security scanners can identify vulnerabilities from the OWASP Top 10 and much more, which are typically exploited by malicious hackers.

Are Hackers a Step Ahead? An Analysis using Web Application Vulnerabilities

Category: Web Security Readings - Last Updated: Wed, 13 Sep 2017 - by Robert Abela

In this analysis the Netsparker team used Netsparker Web Application Security Scanner to scan a number of popular open source web applications and identify vulnerabilities in them. The results are very shocking and explain why malicious hackers are always a step ahead of website owners. A vulnerability statistics infographic was also generated from the results.