Author Archives Zbigniew Banach

Making decisions based on probabilities and hunches instead of solid facts is bad not just for business but also for web security. Netsparker uses Proof-Based Scanning™ to cut through the uncertainty and show which web vulnerabilities are real and exploitable. Learn how this changes the entire approach to application security testing. Read More

JSON Web Tokens (JWTs) provide a standardized way to exchange information using locally-stored JSON objects. They are used as authentication tokens, especially with single sign-on, and can be digitally signed and encrypted for maximum security. Netsparker security researcher Sven Morgenroth shows how JWT security can go wrong. Read More

Netsparker provides flexible deployment options to align vulnerability scanning with internal development and testing structures. This technical white paper highlights the challenges of dynamic application security testing in complex environments and includes deployment scenarios to show how Netsparker scan agents can be used in a wide variety of situations. Read More

Security has traditionally been among the first victims of cost reductions. At the same time, for countless businesses that rely on web technologies to operate in the pandemic climate, cutting down on web security poses a huge risk. This article shows that organizations can gain far more by wisely focusing their web security budgets than by blindly cutting costs. Read More

In a large organization, finding web application vulnerabilities is only the first step to improving security. Often faced with thousands of issues across multiple environments, security teams need to pick their battles to prioritize vulnerabilities that carry the greatest risk. Learn how Netsparker integrates with Kenna to help organizations with risk-based vulnerability management. Read More

An insecure direct object reference (IDOR) is an access control vulnerability where unvalidated user input can be used for unauthorized access to resources or operations. IDORs can have serious consequences for cybersecurity and be hard to find yet easy to exploit. Here’s your pocket guide to insecure direct object references. Read More

A web shell is a malicious script that provides an attacker with a convenient way to launch attacks using a compromised web server. Web shells can provide a permanent backdoor into web applications and related systems. Learn how web shells work, why they are dangerous, and what you can do to detect and prevent them. Read More

How do web application security policies and programs translate into everyday practice? To find out, Netsparker commissioned a global survey of security professionals, covering a variety of roles and industries. The results should be a wake-up call for all security executives who still believe that all their web applications are secure and regularly tested. Read More

Ensuring security is not a one-off effort but a continuous process that needs to be integrated into the software development and testing workflows. Netsparker tightly integrates with existing tools and processes for maximum effectiveness and automation. This article shows how Netsparker fits into each stage of a secure application development process. Read More

Every modern enterprise needs a solid web application security program, but there’s a long and winding road between making the initial decision and actually getting an effective program in place. This article shows how organizations can plan their actions to see continuous security improvements, as explained by Netsparker CEO Ferruh Mavituna. Read More

An integer overflow happens when a program tries to store an integer value that is too big for the declared integer type. Apart from incorrect results and system instability, it can also cause buffer overflows and provide an entry point for attackers. Let's see why integer overflow errors are possible and what you can do to prevent them. Read More

Netsparker does a lot more than scan for vulnerabilities. During scanning, it also records a wealth of information about scan targets and performance in the Knowledge Base – your one-stop shop for streamlining web application and security management. This article highlights 4 key benefits of using the Knowledge Base. Read More

Threat modeling in cybersecurity is a way of identifying, listing, prioritizing, and mitigating potential threats in order to protect systems and data. This article shows how threat modeling works, how it applies to web application security, and why you should use it in your secure development process. Read More

Demonstrating web application compliance with various security standards and practices is crucial in many industries. To help scan applications and prepare reports for common web security compliance requirements, Netsparker comes with a host of predefined compliance checks and reports, including PCI DSS, OWASP Top 10, and HIPAA. Read More

Web security is a battlefield where the enemy is invisible and can strike from anywhere in the world. Without a high-level view of their security posture, organizations plan their defenses and anticipate attacks based on guesswork. A modern DAST solution is the only way to get immediate visibility and guide other web security initiatives. Read More

Red teaming is a way of testing security by simulating a real-life attack. Though often confused with penetration testing, red teaming has different objectives and uses different methods, often including physical security testing. This article looks at the differences between red team exercises and penetration testing to help you choose the best approach. Read More

Why do organizations scan their websites and web applications for vulnerabilities? The question is not as silly as it seems, since many organizations treat vulnerability scanning as a precaution, not an integral part of their workflows. This article examines the advantages of systematic vulnerability management as compared to ad-hoc scanning. Read More

Non-persistent XSS, also called reflected XSS, is the most basic type of cross-site scripting vulnerability, where a web application echoes and executes JavaScript from unvalidated user inputs. Let’s see why this is possible and what you can do to prevent it. Read More

The importance of dynamic application security testing (DAST) grows every day and many vendors now offer products that all make very similar claims. Netsparker CEO Ferruh Mavituna talked to Paul Asadoorian about the DAST market today, Netsparker’s vision, and what makes a true DAST solution. Read More

The OWASP API Security Top 10 is a list of top security concerns specific to web API security. Web APIs are the backbone of the modern web and mobile applications, so let’s have a look at the top 10 risks and ways of avoiding them. Read More