Netsparker's Web Application Security Blog

In this blog post, Ferruh Mavituna explains what he and his team has learnt from the releases of Netsparker Web Application Security Scanner. Ferruh shares his experience of how everything is done, how the team works and how every decision, even a small one might affect the whole release cycle of Netsparker. Read More

This web application security blog post explains why false positives are one of the biggest problem of today's commercial web application vulnerability scanners and also explains what the Netsparker team is doing to ensure that Netsparker Web Application Security Scanner does not report false positives when doing a web application security scan. Read More

In this web application security article, Ferruh Mavituna, explains a security issue he identified in IntenseDebate online service that could allow attackers to access information about the logged-in session of the victim. Ferruh also suggests a number of remedies for this problem which every web application developer should know of. Read More

In this blog post we explain how we built a database of keywords which will be used in Netsparker Web Application Security Scanner when doing forced browsing security checks to try and identify hidden resources in web applications during a security scan. Read More

In this blog post we explain how malicious hackers hacked into the Apache Foundation web servers and gained root access. They started by exploiting a cross-site scripting vulnerability in a web application called Jira. We scanned Jira with Netsparker and detected all of the vulnerabilities the malicious hackers exploited and more. This incident should serve as an example to all corporations to use Netsparker Web Application Security Scanner to identify and close down web application vulnerabilities. Read More

WebRaider is a proof of concept tool to get reverse shell from an SQL Injection with one request, without using any extra channels such as TFTP or FTP to upload the initial payload. Read More

Even though Netsparker is one of the youngest automated web application security scanners on the market, it excelled in Larry Suto's web scanners comparison report by detecting more web vulnerabilities than other established scanners. Read More

Create your own web application security reports using the Netsparker Custom Reporting API. This blog post explains how to generate custom reports using real live examples. Read More