Netsparker's Web Application Security Blog

Announcing the Netsparker White Paper: Web Application Security or Network Security – Do You Have to Choose?

Category: Web Security Readings - Last Updated: Wed, 15 Jul 2020 - by Zbigniew Banach

The Netsparker white paper on web application security vs network security examines the history of web security and analyzes current trends to set the record straight on the role of web application security and network security in a mature cybersecurity program. This article highlights some of the key findings from the white paper.

How the POODLE Attack Spelled the End of SSL 3.0

Category: Web Security Readings - Last Updated: Fri, 03 Jul 2020 - by Zbigniew Banach

The POODLE attack exploits protocol fallback from TLS to SSL 3.0 to reveal information from encrypted HTTPS communication. Discovered in 2014, this network attack demonstrated that SSL 3.0 should never be used again, not even as a legacy fallback. This article provides a high-level overview of the POODLE vulnerability and the fate of SSL 3.0.

How to Ensure REST API Security

Category: Web Security Readings - Last Updated: Fri, 19 Jun 2020 - by Zbigniew Banach

Web application programming interfaces (APIs) provide the back end for modern web and mobile applications and account for over 80% of all web traffic. REST APIs are the most common type of web API for web services, so let’s see what you can do to ensure REST API security.

Bridging the Cybersecurity Skills Gap

Category: Web Security Readings - Last Updated: Fri, 12 Jun 2020 - by Zbigniew Banach

The global cybersecurity skills shortage is no secret. Analysts estimate that by 2021, over 4 million cybersecurity jobs will be unfilled. With cybercrime continually on the rise and information security high on the agenda of organizations, the demand for cybersecurity professionals keeps growing. The cybersecurity skills gap is real and it’s here to stay – so what can you do?

May 2020 Update for Netsparker Standard 5.8

Category: Releases - Last Updated: Thu, 14 May 2020 - by Netsparker Security Team

This blog post announces the May 2020 update for Netsparker Standard 5.8. The highlights of this release are Pivotal Tracker integration, a MIME type step for test website configuration, an improved pre-request scripting API, a fragment parsing option, and a new SameSite Cookies security check.

What Are Format String Vulnerabilities?

Category: Web Security Readings - Last Updated: Thu, 07 May 2020 - by Zbigniew Banach

Format strings are used in many programming languages to insert values into a text string. In some cases, this mechanism can be abused to perform buffer overflow attacks, extract information or execute arbitrary code. Let’s take a closer look at format string vulnerabilities and see why they exist.