Author Archives Zbigniew Banach

An integer overflow happens when a program tries to store an integer value that is too big for the declared integer type. Apart from incorrect results and system instability, it can also cause buffer overflows and provide an entry point for attackers. Let's see why integer overflow errors are possible and what you can do to prevent them. Read More

Netsparker does a lot more than scan for vulnerabilities. During scanning, it also records a wealth of information about scan targets and performance in the Knowledge Base – your one-stop shop for streamlining web application and security management. This article highlights 4 key benefits of using the Knowledge Base. Read More

Threat modeling in cybersecurity is a way of identifying, listing, prioritizing, and mitigating potential threats in order to protect systems and data. This article shows how threat modeling works, how it applies to web application security, and why you should use it in your secure development process. Read More

Demonstrating web application compliance with various security standards and practices is crucial in many industries. To help scan applications and prepare reports for common web security compliance requirements, Netsparker comes with a host of predefined compliance checks and reports, including PCI DSS, OWASP Top 10, and HIPAA. Read More

Web security is a battlefield where the enemy is invisible and can strike from anywhere in the world. Without a high-level view of their security posture, organizations plan their defenses and anticipate attacks based on guesswork. A modern DAST solution is the only way to get immediate visibility and guide other web security initiatives. Read More

Red teaming is a way of testing security by simulating a real-life attack. Though often confused with penetration testing, red teaming has different objectives and uses different methods, often including physical security testing. This article looks at the differences between red team exercises and penetration testing to help you choose the best approach. Read More

Why do organizations scan their websites and web applications for vulnerabilities? The question is not as silly as it seems, since many organizations treat vulnerability scanning as a precaution, not an integral part of their workflows. This article examines the advantages of systematic vulnerability management as compared to ad-hoc scanning. Read More

Non-persistent XSS, also called reflected XSS, is the most basic type of cross-site scripting vulnerability, where a web application echoes and executes JavaScript from unvalidated user inputs. Let’s see why this is possible and what you can do to prevent it. Read More

The importance of dynamic application security testing (DAST) grows every day and many vendors now offer products that all make very similar claims. Netsparker CEO Ferruh Mavituna talked to Paul Asadoorian about the DAST market today, Netsparker’s vision, and what makes a true DAST solution. Read More

The OWASP API Security Top 10 is a list of top security concerns specific to web API security. Web APIs are the backbone of the modern web and mobile applications, so let’s have a look at the top 10 risks and ways of avoiding them. Read More

People often ask us what vulnerability database Netsparker uses in its scans. In reality, finding known vulnerabilities is just a small part of what we do. This article describes how Netsparker works under the hood and where its biggest strengths lie. Read More

Directory traversal, also called path traversal, is a vulnerability that allows attackers to break out of a web server's root directory and access other locations in the server's file system. Let's see what makes directory traversal attacks possible and what you can do to prevent them. Read More

Websites and web applications are getting more complex every year. Determining the web attack surface and securing assets all across the organization is a daunting task, especially for a small security team. Let’s identify the sources of this complexity and see how you can beat it to secure all your web assets. Read More

Input validation is the first step of checking the type and content of data supplied by a user or application. Improper input validation is a major factor in many web security vulnerabilities, including cross-site scripting (XSS) and SQL injection. Let’s see why proper data validation is so important for application security. Read More

The Netsparker white paper on web application security vs network security examines the history of web security and analyzes current trends to set the record straight on the role of web application security and network security in a mature cybersecurity program. This article highlights some of the key findings from the white paper. Read More

In the web world, using outdated technologies is the rule rather than the exception. Let’s see why that is, what risks it brings, and what you can do to take control of web technology versions in your organization. Read More

The POODLE attack exploits protocol fallback from TLS to SSL 3.0 to reveal information from encrypted HTTPS communication. Discovered in 2014, this network attack demonstrated that SSL 3.0 should never be used again, not even as a legacy fallback. This article provides a high-level overview of the POODLE vulnerability and the fate of SSL 3.0. Read More

Dynamic application security testing (DAST) for web applications has come a long way from its modest beginnings a decade ago. This article debunks the top 5 myths about DAST, as discussed by Netsparker CEO Ferruh Mavituna on Enterprise Security Weekly #188. Read More

Web application programming interfaces (APIs) provide the back end for modern web and mobile applications and account for over 80% of all web traffic. REST APIs are the most common type of web API for web services, so let’s see what you can do to ensure REST API security. Read More

Web application security is a complex and dynamic field of cybersecurity. Fortunately, there are a few things that you can do to bring quick and measurable improvements to your web application security posture. Read More