Netsparker's Web Application Security Blog

POODLE SSL Vulnerability - The End of Life for SSL 3.0

Category: Releases - Last Updated: Wed, 01 Mar 2017 - by Robert Abela

The newly discovered POODLE SSL vulnerability enables attackers to capture and read traffic encrypted using the SSL 3.0 protocol, which, even though it is fifteen years old, is still widely supported for backward compatibility. Scan your web servers with Netsparker to check if they are vulnerable to the POODLE SSL vulnerability.

An Automated Scanner That Finds All OWASP Top 10 Security Flaws, Really?

Category: Web Security Readings - Last Updated: Fri, 02 Aug 2019 - by Netsparker Security Team

Many security software vendors claim that automated web vulnerability scanners can identify all security flaws listed in the OWASP Top 10 list. This web security article examines and discusses each category in the OWASP Top 10 list and shows how the flaws in it can be detected, to determine whether such claims are true or not.

Shellshock Bash Remote Code Execution Vulnerability Explained and How to Detect It

Category: Web Security Readings - Last Updated: Thu, 09 Nov 2017 - by Robert Abela

The Shellshock Bash vulnerability allows an attacker to send operating system commands to the web server operating system, thus allowing the attacker to take over the server. This web security article explains what the Shellshock vulnerability is and how you can automatically check if your web environment is vulnerable to this critical vulnerability.

Ruby on Rails Security Basics

Category: Web Security Readings - Last Updated: Wed, 06 Aug 2014 - by Ryan Dewhurst

This getting started document explains how to use the built-in security of Ruby on Rails to build secure web applications and prevent the most common vulnerabilities, such as cross-site scripting and SQL injection. The guide also lists a number of Ruby gems that can be used to help developers write more secure code.

Netsparker Allows SECWATCH to Provide Affordable and Efficient Web Application Security Audits

Category: News - Last Updated: Mon, 22 May 2017 - by Ferruh Mavituna

Netsparker Web Application Security Scanner is used by many businesses and organizations worldwide to help them identify vulnerabilities and security holes in their websites and web applications and keep them secure. Read our SECWATCH case study to see how this Dutch security firm is able to deliver efficient and cost-effective web application security services to its customers with Netsparker.

URL Rewrite Rules and Web Vulnerability Scanners

Category: Web Security Readings - Last Updated: Tue, 23 May 2017 - by Robert Abela

URL rewrite rules have become extremely popular in web applications, but many web vulnerability scanners fall short of automatically scanning such websites. Read this article to learn why typical web vulnerability scanners are unable to scan websites that use URL rewrite rules and what Netsparker did to allow users to easily and automatically scan websites with URL rewrite technology enabled.

Netsparker Scan Policies Feature Highlight Video

Category: Product Docs & FAQS - Last Updated: Tue, 23 May 2017 - by Robert Abela

Scan policies in Netsparker allow you to save a specific Netsparker configuration setup so you do not have to configure the scanner each time you scan a different web application, thus saving a lot of time and improving your productivity. By using Scan Policies you can also specify which types of vulnerability checks should be launched during an automated web vulnerability scan.

What Can We Learn from Ebay Hack Attack?

Category: Web Security Readings - Last Updated: Thu, 22 May 2014 - by Robert Abela

eBay just confirmed that one of its services has been hacked and malicious hackers managed to get their hands on a database that contains sensitive user information such as usernames and passwords. Could such an attack have been avoided? This article explains what happened and highlights a number of web security best practices to avoid having your websites and web applications hacked.

Don't Waste Your Testing Team's Talents - Automate the Repetitive

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Irit Arkin

Many companies shy away from automated testing: it cannot replace manual testing, they reason, so why invest so much in it? This view can be defended for user interface testing, but it falls short of the reality of web security testing, or, better, web vulnerability scanning. Read more and learn how an automated web vulnerability scanner can help you get the best out of your web testing and security teams.