Netsparker's Web Application Security Blog

Web vulnerability scanning should form part of the normal QA process when developing web applications to ensure that a business develops and releases secure web applications. Unless project managers start classifying security vulnerabilities and other web application security issues as normal functionality bugs, web developers will keep on developing vulnerable web applications. Read More

There are several pitfalls in web application security and one of them is sticking to manual audits only. This blog posts highlights the benefits of automating the process of finding vulnerabilities and other security issues in modern web applications. It also looks into the common pitfalls encountered by web security specialists when trying to identify all web application vulnerabilities manually. Read More

Press Release | Netsparker announces Netsparker Web Application Security Scanner version 3.0. The new version of Netsparker reduces the web security scan time to enable you to improve productivity, it confirms your payment web applications are PCI compliant, and helps you automated much more of your web application security scanning. Read More

In this Netsparker case study we see how Layers-7, an IT Security Consultancy firm, uses Netsparker Web Application Security Scanner to secure the web applications of its customers and help them be compliant with today's stringent requirements. They also explain how they could automated most of their security services with Netsparker and how they concluded that Netsparker is the best web vulnerability scanner that fits their needs. Read More

In Netsparker version 3 we introduced the Scan Policy Editor. The Scan Policy Editor allows Netsparker users to create new scan policies in which they can specify which web application vulnerability checks should be included in a web security scan. Read this blog post for more information on the Scan Policy Editor and how you can use it to create your own scan policies and launch more efficient web application security scans. Read More

Netsparker Version 3 - By far way better than its predecessors, Netsparker Web Application Security Scanner version 3 makes web application security an easy task and allows web application security experts automate more than ever before. Generate PCI Compliance reports with Netsparker 3.0 to verify your web applications are PCI complaint. Read this blog post for more details of what is new and improved in Netsparker version 3.0. Read More

In this article we look into all the vulnerabilities listed in the OWASP Top 10 list of most critical web application vulnerabilities for 2017. Read More

Google are willing to pay up to $10,000 to anyone who discovers a cross-site scripting vulnerability in one of their web applications. Why are Google doing so? Definitely not by coincidence. By exploiting a cross-site scripting vulnerability a malicious hacker can easily gain administrative access on a web application, gain control over it and where possible infiltrate deeper into the corporate network. Read this blog post for more information about the impact an exploited XSS can have on your business. Read More

Netsparker can detect vulnerabilities in Ruby and Rails web applications. In this blog post we explain how a Ruby on Rails Remote Code Execution Vulnerability is exploited in the wild and how you can check if your web applications are vulnerable to such vulnerability with Netsparker. Read More

Modern web applications are becoming so complex that it is virtually impossible to check every possible attack vector and ensure it is not vulnerable without using an automated tool, such as Netsparker Web Application Security Scanner. The same applies for the modern trend of web application vulnerabilities, some of them can only be reproduced using automated means. Hence why the more complex a web application is, the bigger the need to use an automated web vulnerability scanner to identify vulnerabilities before malicious hackers do. Read More

What are false negatives and what cases automated web application security scanners to not detect a vulnerability? In this web application security blog post Robert Abela explains what false negatives are and what to look for when searching for an automated web vulnerability scanner to ensure that it detects all vulnerabilities and leaves no false negatives behind for malicious attackers to exploit. Read More

The repercussions an exploited web application vulnerability such as an SQL Injection can have are a lot. For example in this particular case, by exploiting an SQL injection vulnerability malicious hackers published a list of whistleblowers in South Africa, endangering their lives. This example highlights the importance of identifying each and every web application vulnerability, since a malicious hacker only needs to exploit one. Full details about the attack in this blog post. Read More

In this web application security blog post, Robert Abela talks about a common misconception in the web security industry; are all vulnerabilities equally dangerous? Abela explains and answers this common misconception using an example with two of the most popular web application vulnerabilities typically listed in OWASP Top 10; Cross-site scripting (XSS) and SQL Injection. Read More

This web application security blog post explains what are False Positives in web application security and what negative impact they have on web security experts. It also explains why common automated web security tools generate false positives and how Netsparker Web Application Security Scanner does not report any false positives at all. Read More

This web application security articles highlights the reasons why businesses should use automated web application security scanners such as Netsparker to identify all vulnerabilities in their web applications. Automated web application security scanners can identify vulnerabilities from the OWASP Top 10 and much more, which are typically exploited by malicious hackers. Read More

In this analysis the Netsparker team used Netsparker Web Application Security Scanner to scan a number of popular open source web applications and identify vulnerabilities in them. The results are very shocking and explain why malicious hackers are always a step ahead of website owners. A vulnerability statistics infographic was also generated from the results. Read More

Like Google, the Netsparker team has also been experimenting with the 20% time policy. This means that for 20% of the time during the week anyone from the Netsparker team can work on his or her own project, provided the company can benefit from it. Read More

In this blog post, Ferruh Mavituna explains what he and his team has learnt from the releases of Netsparker Web Application Security Scanner. Ferruh shares his experience of how everything is done, how the team works and how every decision, even a small one might affect the whole release cycle of Netsparker. Read More

This web application security blog post explains why false positives are one of the biggest problem of today's commercial web application vulnerability scanners and also explains what the Netsparker team is doing to ensure that Netsparker Web Application Security Scanner does not report false positives when doing a web application security scan. Read More

In this web application security article, Ferruh Mavituna, explains a security issue he identified in IntenseDebate online service that could allow attackers to access information about the logged-in session of the victim. Ferruh also suggests a number of remedies for this problem which every web application developer should know of. Read More