Complimentary 90-day, on-prem license available for entities involved in Covid19 response.

Netsparker's Web Application Security Blog

How DNS Cache Poisoning Attacks Work

Category: Web Security Readings - Last Updated: Fri, 13 Dec 2019 - by Zbigniew Banach
How DNS Cache Poisoning Attacks Work

DNS cache poisoning attacks try to fool applications into connecting to a malicious IP address by flooding a DNS resolver cache with fake addresses corresponding to requested domain names. If the attacker succeeds in filling the DNS cache with false data, the resolver might return a spoofed address instead of querying for the real one. As a result, the user might connect to a malicious site at the address returned from the cache. Let’s see why DNS spoofing is possible and how you can mitigate the threat. Read More

Ferruh Mavituna Talks About Building a Realistic Web Security Program on Enterprise Security Weekly #164

Category: Web Security Readings - Last Updated: Tue, 10 Dec 2019 - by Allen Baird
Ferruh Mavituna Talks About Building a Realistic Web Security Program on Enterprise Security Weekly #164

Netsparker CEO Ferruh Mavituna is interviewed on Enterprise Security Weekly about how to start building a realistic web security program in enterprises. He discusses the shift-left approach by which security is built into the application at an earlier stage, and how to reach this stage in a safe, prioritized and persuasive way. Read More

Progress Panel Improvements

Category: Product Docs & FAQS - Last Updated: Thu, 05 Dec 2019 - by Ugur Aldanmaz
Progress Panel Improvements

The Progress panel displays information about scan speed and progress, including how far your scan has progressed. The Netsparker Standard 5.5 November 2019 Update introduced improvements that help you better estimate the remaining scan time. Read More

Understanding Reverse Shells

Category: Web Security Readings - Last Updated: Tue, 03 Dec 2019 - by Zbigniew Banach
Understanding Reverse Shells

A reverse shell is a shell session established on a connection that is initiated from a remote machine, not from the attacker’s host. Attackers who successfully exploit a remote command execution vulnerability can use a reverse shell to obtain an interactive shell session on the target machine and continue their attack. Reverse shells can also work across a NAT or firewall. This article explains how reverse shells work in practice and what you can do to prevent them. Read More

South Dakota Bureau of Information and Telecommunications (SD BIT) Deploys Netsparker to Secure Residents’ Personal Data

Category: News - Last Updated: Tue, 26 Nov 2019 - by Dawn Baird
South Dakota Bureau of Information and Telecommunications (SD BIT) Deploys Netsparker to Secure Residents’ Personal Data

South Dakota Bureau of Information and Telecommunications conducted research and trials for a web application scanner to solve their internal and external security needs. They chose Netsparker because of its ease of use, superior accuracy, support knowledge base, meaningful reports and responsive team, enabling quicker security fixes. Read More

Top 10 Cybersecurity Trends to Look Out For in 2020

Category: Web Security Readings - Last Updated: Tue, 19 Nov 2019 - by Zbigniew Banach
Top 10 Cybersecurity Trends to Look Out For in 2020

2019 has seen cybersecurity issues firmly take their place in the news, both for the technology industry and the general public. While organizations are increasingly aware of the importance of cybersecurity, most are struggling to define and implement the required security measures. In this article, we take a look at 10 cybersecurity trends that are likely to shape the cybersecurity landscape in 2020, from data breaches and IT security staff shortages to security automation and integration. Read More

Red Team Vs Blue Team Testing for Cybersecurity

Category: Web Security Readings - Last Updated: Thu, 14 Nov 2019 - by Zbigniew Banach
Red Team Vs Blue Team Testing for Cybersecurity

Red team versus blue team exercises simulate real-life cyberattacks against organizations to locate weaknesses and improve information security. In this wargaming approach, the red team are the attackers and they attempt to infiltrate an organization’s digital and physical defenses using any attack techniques available to real attackers. The blue team’s job is to detect penetration attempts and prevent exploitation. Red team vs blue team exercises can last several weeks and provide a realistic assessment of an organization’s security posture. Read More

Why Static Code Analysis Is Not Enough to Secure Your Web Applications

Category: Web Security Readings - Last Updated: Thu, 07 Nov 2019 - by Zbigniew Banach
Why Static Code Analysis Is Not Enough to Secure Your Web Applications

Static code analysis tools are used to automatically check source code for errors and security vulnerabilities, as well as ensure compliance with coding standards. While effective for some classes of vulnerabilities, they have a number of disadvantages and limitations, especially for web applications. Dynamic analysis solutions address many of these problems and can complement or replace static tools. This article looks at some of the shortcomings of static analysis and shows how deploying dynamic analysis tools can help you improve web application security. Read More

XSS Filter Evasion

Category: Web Security Readings - Last Updated: Thu, 24 Oct 2019 - by Zbigniew Banach
XSS Filter Evasion

XSS filter evasion refers to a variety of methods used by attackers to bypass Cross-Site Scripting filters. Attackers attempting to inject malicious JavaScript into web page code must not only exploit an application vulnerability, but also evade input validation and fool complex browser filters. This article looks at some common approaches to XSS filter evasion and shows what you can do to improve application security. Read More

Successfully Integrating Security into the Software Development Life Cycle

Category: Web Security Readings - Last Updated: Wed, 16 Oct 2019 - by Allen Baird
Successfully Integrating Security into the Software Development Life Cycle

It is vital that security measures, including web application security scanning, play an early role in the software development life cycle. This article summarizes a podcast discussion in which Netsparker CEO Ferruh Mavituna talks about the place of security testing in the SDLC and how companies can achieve this integration with maximum success. Read More

What Is DevSecOps: How to Incorporate Security into DevOps

Category: Web Security Readings - Last Updated: Thu, 10 Oct 2019 - by Zbigniew Banach
What Is DevSecOps: How to Incorporate Security into DevOps

DevSecOps, or Development, Security and Operations, is a software development methodology that integrates security checks and practices into DevOps processes. Implementing DevSecOps requires organizations to adopt a security-first mindset and use automated security validation in their DevOps pipeline. This article looks at the evolution of methodologies towards DevSecOps and shows what tools can be used to ensure security in agile web application development. Read More

5 Ways a Cyberattack Can Hurt Your Organization

Category: Web Security Readings - Last Updated: Wed, 02 Oct 2019 - by Zbigniew Banach
5 Ways a Cyberattack Can Hurt Your Organization

Cyberattacks are an inevitable part of everyday business for organizations of all sizes worldwide. Despite growing awareness of the consequences of a successful attack, many organizations still downplay the associated risks. A cyberattack can have devastating and long-lasting consequences for the entire organization, and in this article, we will look at 5 crucial ways that a cyberattack can hurt your business. Read More