Netsparker's Web Application Security Blog

Easy Authenticated Scanning with Netsparker’s Custom Script Editor

Category: Product Docs & FAQS - Last Updated: Fri, 27 Nov 2020 - by Tuncay Kayaoglu

Authenticated scanning has always been a challenge for automated web application security solutions. Netsparker provides an intuitive visual editor for authentication scripts to help you bring accurate and detailed vulnerability scanning to every website and application in your environment. This article shows why you should definitely know and use this feature.

Exploiting Oracle: Analysis of the Recent RCE Vulnerability in WebLogic Server

Category: Web Security Readings - Last Updated: Fri, 20 Nov 2020 - by Sven Morgenroth

In October 2020, a critical vulnerability in Oracle WebLogic Server was discovered that allowed for easy remote code execution. Assigned CVE identifier CVE-2020-14882, the issue prompted an out-of-band security update from Oracle. This article takes a closer look at the security flaws that make exploitation possible and demonstrates typical attack payloads.

JSON Web Token Security with Sven Morgenroth

Category: Web Security Readings - Last Updated: Tue, 17 Nov 2020 - by Zbigniew Banach

JSON Web Tokens (JWTs) provide a standardized way to exchange information using locally-stored JSON objects. They are used as authentication tokens, especially with single sign-on, and can be digitally signed and encrypted for maximum security. Netsparker security researcher Sven Morgenroth shows how JWT security can go wrong.

Easily Exploitable Vulnerabilities in Oracle WebLogic Server

Category: Web Security Readings - Last Updated: Fri, 13 Nov 2020 - by Tuncay Kayaoglu

Two critical vulnerabilities identified in the Oracle WebLogic Server may allow attackers to take complete control of the server. Oracle released patches in October 2020 and advised users to install them as soon as possible. Netsparker has also released an update for Netsparker Standard and Enterprise so you can check if these issues affect your server.

Announcing the Netsparker White Paper: Flexible Deployment Options with Netsparker Scan Agents

Category: Web Security Readings - Last Updated: Thu, 12 Nov 2020 - by Zbigniew Banach

Netsparker provides flexible deployment options to align vulnerability scanning with internal development and testing structures. This technical white paper highlights the challenges of dynamic application security testing in complex environments and includes deployment scenarios to show how Netsparker scan agents can be used in a wide variety of situations.

Web Application Security in an Age of Cost Cutting

Category: Web Security Readings - Last Updated: Fri, 06 Nov 2020 - by Zbigniew Banach

Security has traditionally been among the first victims of cost reductions. At the same time, for countless businesses that rely on web technologies to operate in the pandemic climate, cutting down on web security poses a huge risk. This article shows that organizations can gain far more by wisely focusing their web security budgets than by blindly cutting costs.

Know Your Web Application Risks with Netsparker’s Kenna Integration

Category: Product Docs & FAQS - Last Updated: Tue, 03 Nov 2020 - by Zbigniew Banach

In a large organization, finding web application vulnerabilities is only the first step to improving security. Often faced with thousands of issues across multiple environments, security teams need to pick their battles to prioritize vulnerabilities that carry the greatest risk. Learn how Netsparker integrates with Kenna to help organizations with risk-based vulnerability management.

Privileged Access Management and Netsparker

Category: Web Security Readings - Last Updated: Tue, 27 Oct 2020 - by Tuncay Kayaoglu

Privileged access management (PAM) allows organizations to centrally store, manage, and secure administrative credentials and other high-value secrets. While it can greatly reduce the risk of data breaches, PAM can also make it harder to fully scan web applications. Learn how Netsparker integrates with PAM solutions to address this challenge.

How Web Shells Work

Category: Web Security Readings - Last Updated: Fri, 16 Oct 2020 - by Zbigniew Banach

A web shell is a malicious script that provides an attacker with a convenient way to launch attacks using a compromised web server. Web shells can provide a permanent backdoor into web applications and related systems. Learn how web shells work, why they are dangerous, and what you can do to detect and prevent them.

Netsparker Survey Reveals Executive Overconfidence in Web Security

Category: Web Security Readings - Last Updated: Tue, 13 Oct 2020 - by Zbigniew Banach

How do web application security policies and programs translate into everyday practice? To find out, Netsparker commissioned a global survey of security professionals, covering a variety of roles and industries. The results should be a wake-up call for all security executives who still believe that all their web applications are secure and regularly tested.

Secure by Design: Announcing the Netsparker Webinar Series

Category: Events - Last Updated: Wed, 07 Oct 2020 - by Saran Toure

Developing web applications first and securing them later is no longer a realistic approach. Organizations urgently need to move from testing only deployed applications to incorporating security from the earliest stages of development. Netsparker presents a three-part webinar series to help you make your web applications secure by design.

More Than Scanning: Integrating Web Application Security

Category: Web Security Readings - Last Updated: Fri, 02 Oct 2020 - by Zbigniew Banach

Ensuring security is not a one-off effort but a continuous process that needs to be integrated into the software development and testing workflows. Netsparker tightly integrates with existing tools and processes for maximum effectiveness and automation. This article shows how Netsparker fits into each stage of a secure application development process.