Netsparker's Web Application Security Blog

The Shellshock Bash vulnerability allows an attacker to send operating system commands to the web server operating system, thus allowing the attacker to take over the server. This web security article explains what is the Shellshock vulnerability and how you can automatically check if your web environment is vulnerable to this critical vulnerability. Read More

The new Netsparker version 3.5.5 has an improved URL rewrite rules wizards which allow users to fine tune the scanning of websites using URL rewrite rules for more efficient and precise web security scans. Read More

This getting started document explains how to use the built in security of Ruby on Rails to build secure web applications and prevent the most common vulnerabilities, such as cross-site scripting and sql injections. The guide also lists down a number of Ruby gems that can be used to help developers write more secure code. Read More

There are many different factors that can affect the duration of a complete web application security test. Learn what such factors are and learn how to evaluate your security tools to ensure your business gets the best return on investment when doing web application security tests. Read More

Netsparker Web Application Security Scanner is used by many businesses and organizations worldwide to help them identify vulnerabilities and security holes in their websites and web application and keep them secure. Read our SECWATCH case study to see how this Dutch security firm is able to deliver efficient and cost effective web application security services to its customers with Netsparker. Read More

Finally Netsparker Web Application Security Scanner version 3.5 is available for download. Check out what is new in this new version of Netsparker and update your Netsparker today to benefit from the latest features and ensure you scan your web applications with the latest web vulnerability security tests. Read More

A web security article that explains what is a DOM based cross-site scripting using real live coding examples. The article also explains why the traditional XSS remediation methods do not work and what you can do to ensure that your web applications are not vulnerable to DOM based cross-site scripting vulnerability. Read More

URL Rewrite Rules have become extremely popular in web applications but many web vulnerability scanners fall short of automatically scan such websites. Read this article to learn more on why typical web vulnerability scanners are unable to scan websites which use URL rewrite rules and what Netsparker did to allow users to easily and automatically scan websites with URL rewrite technology enabled. Read More

This article explains how to easily configure URL Rewrite Rules in Netsparker Web Application Security Scanner to scan websites and web applications which have URL Rewrite Technology enabled. By specifying URL Rewrite Rules you can scan the parameters in the URL. Read More

Press Release covering the release of Netsparker Web Application Security Scanner version 3.5. With the new Netsparker you can automatically detect DOM based cross-site scripting vulnerabilities in web applications, easily configure URL rewrite rules to scan parameters in URLs and much more. Read More

Using strong passwords is not enough, the whole system should be built well to ensure that the underlying technology can survive a data breach, when, and not if it happens. In fact a modernized approach to password ideology is only one of the several necessary steps for a highly-secured system Read More

This security post explains why QA team members can be a good fit to do web application security testing and vulnerability finding and why businesses should involve more QA team members in their web application security programs. Read More

The concept of passwords is very old and the more efficient offline password crackers are becoming, the more difficult it is for users to come up with complex passwords. This whitepaper looks into how efficient complex passwords are and highlights other alternatives to complex passwords. Read More

Scan policies in Netsparker allow you to save a specific Netsparker configuration setup so you do not have to configure the scanner each time you scan a different web application, thus saving a lot of time and improving your productivity. By using Scan Policies you can also specify which type of vulnerability checks should be launched during an automated web vulnerability scan. Read More

ebay just confirmed that one of its services has been hacked and malicious hackers managed to get their hands on a database that contain sensitive user information such as usernames and passwords. Could such attack have been avoided? This article explains what happened and highlights a number of web security best practices to avoid having your websites and web applications hacked. Read More

Many companies shy away from automated testing: it cannot replace manual testing, they reason, and so why invest so much in it? This view can be defended for user interface testing, but it falls short of the reality of web security testing, or better web vulnerability scanning. Read more and learn how an automated web vulnerability scanner can help you get the best out of your web testing and security teams Read More

Is the web vulnerability scanner you are using approved by PCI? This article talks about PCI and PCI DSS and explains why automated software used in PCI DSS compliance audits, such as an automated web vulnerability scanner and web security scanner cannot be approved by PCI. Read More

The Heartbleed vulnerability allows malicious hackers to access sensitive information such as users credentials and the web server private key from a web server's memory. Scan your websites and web applications with Netsparker Web Application Security Scanner to check if they are vulnerable to the Heartbleed SSL vulnerability. Read More

Game consoles such as the Microsoft’s Xbox One and Sony’s PlayStation 4 has become very popular and almost every computer enthusiast has one. Today it is possible to install Netsparker on Xbox One and PlayStation 4 and launch automated web application vulnerability scans using the game controller from the comfort of your sofa. Read More

Netsparker has always been an innovator in the web application security industry. It developed the first false positive free web vulnerability scanner, it simplified the process of detecting web application vulnerabilities and much more. Thanks to this approach Netsparker is leaving an imprint in such industry hence it has been chosen as a finalist in the Red Herring Top 100 European Awards. Read More