
Netsparker's Web Application Security Blog

The Heartbleed Bug: How a Forgotten Bounds Check Broke the Internet

Category: Web Security Readings - Last Updated: Fri, 07 Feb 2020 - by Zbigniew Banach

The Heartbleed bug is a critical buffer over-read flaw in several versions of the OpenSSL library that can reveal unencrypted information from the system memory of a server or client running a vulnerable version of OpenSSL. Attacks can reveal highly sensitive data, such as login credentials, TLS private keys, and personal information. Let's take a closer look at one of the most serious and widespread security vulnerabilities in web history and see how just one buggy line of code could wreak havoc across the world.

Using a Cybersecurity Framework for Web Application Security

Category: Web Security Readings - Last Updated: Fri, 31 Jan 2020 - by Zbigniew Banach

A cybersecurity framework is a comprehensive set of guidelines that help organizations define cybersecurity policies to assess their security posture and increase resilience in the face of cyberattacks. Cybersecurity frameworks formally define security controls, risk assessment methods, and appropriate safeguards to protect information systems and data from cyberthreats. This article looks at the reasons for using a cybersecurity framework and shows how you can find best-practice cybersecurity processes and actions to apply to web application security.

Announcing the Netsparker Whitepaper: False Positives in Web Application Security – Facing the Challenge

Category: Web Security Readings - Last Updated: Thu, 23 Jan 2020 - by Netsparker Team

The fast pace of modern web application development requires automated tools for vulnerability scanning and management, and false positives in vulnerability scan results can have a serious impact on the performance of security teams. This whitepaper discusses the many problems that false positives can bring all across the organization and shows how Netsparker’s Proof-Based Scanning™ technology can help to restore confidence in automated vulnerability scanning, improve workflow automation and web application security, and achieve real business benefits.

January 2020 Update for Netsparker Enterprise

Category: Releases - Last Updated: Mon, 20 Jan 2020 - by Gokhan Demir

This blog post announces the January 2020 update for Netsparker Enterprise. Highlights include a new Kenna integration, OTP support for Form Authentication, filtering support for new notifications, integration support for GitHub, and new Max Uploaded File Size and About page settings.

How the BEAST Attack Works

Category: Web Security Readings - Last Updated: Fri, 17 Jan 2020 - by Zbigniew Banach

BEAST, or Browser Exploit Against SSL/TLS, was an attack that allowed a man-in-the-middle attacker to uncover information from an encrypted SSL/TLS 1.0 session by exploiting a known theoretical vulnerability. The threat prompted browser vendors and web server administrators to move to TLS v1.1 or higher and implement additional safeguards. Although no modern web browser remains vulnerable, the BEAST attack shows how a minor theoretical vulnerability can be combined with other weaknesses to craft a practical attack. This article looks at how the BEAST attack worked, why it was possible, and how it was eventually mitigated.

Netsparker Terminates Support for TLS 1.1

Category: Product Docs & FAQS - Last Updated: Fri, 17 Jan 2020 - by Netsparker Security Team

Netsparker will no longer support TLS 1.1 from 26 December 2019. This will affect all HTTPS traffic to Netsparker, including software updates, the licensing process for Netsparker, and vulnerability database updates. Netsparker requests that all users encountering issues update their settings or contact Netsparker Support.

System Hardening for Your Web Applications

Category: Web Security Readings - Last Updated: Tue, 14 Jan 2020 - by Zbigniew Banach

System hardening is the practice of securing a computer system by reducing its attack surface. This includes removing unnecessary services and unused software, closing open network ports, changing default settings, and so on. For web applications, the attack surface is also affected by the configuration of all underlying operating systems, databases, network devices, application servers, and web servers. This article examines approaches to system hardening and shows what security measures you can apply to keep your web applications safe.

BREACH Attack Security Check

Category: Releases - Last Updated: Wed, 08 Jan 2020 - by Allen Baird

Netsparker web application security scanners use a wide and ever-growing range of security checks to test for vulnerabilities in a scan. The Netsparker Standard 5.5 November 2019 Update introduced a new BREACH Attack security check that is enabled by default.

CWE/SANS Top 25 Software Errors for 2019

Category: Web Security Readings - Last Updated: Fri, 03 Jan 2020 - by Zbigniew Banach

In September 2019, a new CWE/SANS Top 25 Most Dangerous Software Errors list was published for the first time since 2011. Unlike previous lists, it was calculated by analyzing reported vulnerabilities to determine underlying weaknesses, so it is especially valuable for developers and software security professionals. This article looks at the top-rated software weaknesses and shows how they apply in practice to web application security.

Netsparker’s 2019: The Year in Review

Category: News - Last Updated: Fri, 27 Dec 2019 - by Zbigniew Banach

2019 has been a very special year for Netsparker, as we celebrated our 10th anniversary. For the past 10 years, our revolutionary web vulnerability scanner has been helping organizations of all sizes worldwide to eliminate vulnerabilities, reduce costs, and embrace automation. We’ve also been busy with industry events, security research, whitepapers, and blog articles – so please join us for a look back at this year’s highlights and most popular content.

Season's Greetings

Category: Web Security Readings - Last Updated: Tue, 24 Dec 2019 - by Netsparker Team

The entire Netsparker team would like to wish you all the best in the upcoming holiday season. Whether you are celebrating Christmas, Hanukkah, Kwanzaa, Yule, Las Posadas, or simply taking the time off to rest, may you spend it with those who are closest to you.

How DNS Cache Poisoning Attacks Work

Category: Web Security Readings - Last Updated: Fri, 13 Dec 2019 - by Zbigniew Banach

DNS cache poisoning attacks try to fool applications into connecting to a malicious IP address by flooding a DNS resolver cache with fake addresses corresponding to requested domain names. If the attacker succeeds in filling the DNS cache with false data, the resolver might return a spoofed address instead of querying for the real one. As a result, the user might connect to a malicious site at the address returned from the cache. Let’s see why DNS spoofing is possible and how you can mitigate the threat.