Integer Overflow Errors

Category: Web Security Readings - Last Updated: Fri, 18 Sep 2020 - by Zbigniew Banach

An integer overflow happens when an arithmetic operation produces a value outside the range that the declared integer type can represent, so the stored result silently wraps around. Apart from incorrect results and system instability, it can also lead to buffer overflows (for example when a wrapped length is used to size a buffer) and provide an entry point for attackers. Let's see why integer overflow errors are possible and what you can do to prevent them.
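To make the chain from integer overflow to buffer overflow concrete, here is an added example (not code from the original article): a length calculation in 32-bit arithmetic that wraps and under-sizes a heap allocation, next to the checked version that rejects the same input. The wire format (a 4-byte record count followed by 4-byte records), the sample messages and all function names are assumptions made for this illustration.

```c
/*
 * Added example, not code from the original article: an unchecked
 * 32-bit length calculation that wraps and under-sizes a heap buffer,
 * next to the checked version that rejects the input. The wire format
 * and all names are assumptions made for this illustration.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define RECORD_SIZE 4u   /* each record is a 4-byte little-endian integer */

/* Vulnerable sizing as found in many parsers: count and the product are
 * both uint32_t, so count = 0x40000001 gives 0x100000004, which wraps to 4.
 * malloc(4) then succeeds, and a loop that writes `count` records runs far
 * past the end of the allocation: a heap buffer overflow. */
uint32_t vuln_alloc_size(uint32_t count)
{
    return count * RECORD_SIZE;   /* silently wraps modulo 2^32 */
}

/* Hardened sizing: test for the wrap *before* multiplying, against the
 * width of the type the length is actually stored in. Returns 1 and the
 * true size on success, 0 on overflow. (GCC and Clang also offer
 * __builtin_mul_overflow for the same check.) */
int safe_alloc_size(uint32_t count, uint32_t *out)
{
    if (count > UINT32_MAX / RECORD_SIZE) {
        *out = 0;
        return 0;                  /* would wrap: reject, do not guess */
    }
    *out = count * RECORD_SIZE;
    return 1;
}

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened parser for the assumed format: a 4-byte record count followed
 * by `count` records. Returns the number of records copied into a freshly
 * allocated array (*records, caller frees), or -1 if the header is
 * inconsistent with the input: wrapped length or truncated payload. */
long parse_records(const uint8_t *msg, size_t msg_len, uint32_t **records)
{
    *records = NULL;
    if (msg_len < 4)
        return -1;
    uint32_t count = read_le32(msg);
    uint32_t bytes;
    if (!safe_alloc_size(count, &bytes))
        return -1;                         /* overflow in length math */
    if (bytes > msg_len - 4)
        return -1;                         /* claims more data than present */
    uint32_t *buf = malloc(bytes ? bytes : 1);
    if (buf == NULL)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        buf[i] = read_le32(msg + 4 + (size_t)i * RECORD_SIZE);
    *records = buf;
    return (long)count;
}

/* Constructed sample messages (not captured traffic). */
const uint8_t kGoodMsg[] = { 2,0,0,0,  1,0,0,0,  2,0,0,0 };     /* count = 2 */
const uint8_t kWrapMsg[] = { 0x01,0x00,0x00,0x40,  0,0,0,0 };  /* count = 0x40000001 */

int main(void)
{
    uint32_t *recs;
    printf("vulnerable size for count 0x40000001: %u bytes\n",
           (unsigned)vuln_alloc_size(0x40000001u));             /* prints 4 */
    long n = parse_records(kGoodMsg, sizeof kGoodMsg, &recs);
    printf("good message: %ld records, first = %u\n", n, (unsigned)recs[0]);
    free(recs);
    n = parse_records(kWrapMsg, sizeof kWrapMsg, &recs);
    printf("wrapping message: %s\n", n < 0 ? "rejected" : "accepted");
    return 0;
}
```

The important design choice is that the check is made against the width of the type that actually holds the length (UINT32_MAX here), not against SIZE_MAX: on a 64-bit host the product 0x100000004 fits comfortably in a size_t, so a check in the wider type would pass while the 32-bit field that later sizes the buffer still wraps. The second check, that the claimed size does not exceed the bytes actually present, catches the separate case of a truncated message.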

Threat Modeling for Web Applications

Category: Web Security Readings - Last Updated: Fri, 11 Sep 2020 - by Zbigniew Banach

Threat modeling in cybersecurity is a way of identifying, listing, prioritizing, and mitigating potential threats in order to protect systems and data. This article shows how threat modeling works, how it applies to web application security, and why you should use it in your secure development process.

How Netsparker Can Help with Compliance

Category: Product Docs & FAQS - Last Updated: Wed, 09 Sep 2020 - by Zbigniew Banach

Demonstrating web application compliance with various security standards and practices is crucial in many industries. To help scan applications and prepare reports for common web security compliance requirements, Netsparker comes with a host of predefined compliance checks and reports, including PCI DSS, OWASP Top 10, and HIPAA.

The Difference Between Red Teaming and Penetration Testing

Category: Web Security Readings - Last Updated: Fri, 28 Aug 2020 - by Zbigniew Banach

Red teaming is a way of testing security by simulating a real-life attack. Though often confused with penetration testing, red teaming has different objectives and uses different methods, often including physical security testing. This article looks at the differences between red team exercises and penetration testing to help you choose the best approach.

5 Advantages of Ongoing Vulnerability Management Over Ad-Hoc Scanning

Category: Web Security Readings - Last Updated: Wed, 26 Aug 2020 - by Zbigniew Banach

Why do organizations scan their websites and web applications for vulnerabilities? The question is not as silly as it seems, since many organizations treat vulnerability scanning as a precaution, not an integral part of their workflows. This article examines the advantages of systematic vulnerability management as compared to ad-hoc scanning.

Beat Security Complexity with Automation

Category: Web Security Readings - Last Updated: Wed, 29 Jul 2020 - by Zbigniew Banach

Websites and web applications are getting more complex every year. Determining the web attack surface and securing assets all across the organization is a daunting task, especially for a small security team. Let's identify the sources of this complexity and see how you can beat it to secure all your web assets.

Announcing the Netsparker White Paper: Web Application Security or Network Security – Do You Have to Choose?

Category: Web Security Readings - Last Updated: Wed, 15 Jul 2020 - by Zbigniew Banach

The Netsparker white paper on web application security vs network security examines the history of web security and analyzes current trends to set the record straight on the role of web application security and network security in a mature cybersecurity program. This article highlights some of the key findings from the white paper.

How the POODLE Attack Spelled the End of SSL 3.0

Category: Web Security Readings - Last Updated: Fri, 03 Jul 2020 - by Zbigniew Banach

The POODLE attack forces a protocol fallback from TLS to SSL 3.0 and then exploits a weakness in SSL 3.0's CBC padding to reveal information, such as session cookies, from encrypted HTTPS communication. Discovered in 2014, this network attack demonstrated that SSL 3.0 should never be used again, not even as a legacy fallback. This article provides a high-level overview of the POODLE vulnerability and the fate of SSL 3.0.

How to Ensure REST API Security

Category: Web Security Readings - Last Updated: Fri, 19 Jun 2020 - by Zbigniew Banach

Web application programming interfaces (APIs) provide the back end for modern web and mobile applications and account for over 80% of all web traffic. REST APIs are the most common type of web API for web services, so let's see what you can do to ensure REST API security.