Netsparker's Web Application Security Blog

Clickjacking Attacks: What They Are and How to Prevent Them

Category: Web Security Readings - Last Updated: Thu, 15 Aug 2019 - by Zbigniew Banach
Clickjacking Attacks: What They Are and How to Prevent Them

Clickjacking attacks attempt to trick the user into unintentionally clicking an unexpected web page element. Most clickjacking methods exploit vulnerabilities related to HTML iframes and prevention centers around preventing page framing. In this blog post, we will see how clickjacking works, how it can be prevented, and why this threat to application security is not going away any time soon. Read More

How Buffer Overflow Attacks Work

Category: Web Security Readings - Last Updated: Thu, 08 Aug 2019 - by Netsparker Team
How Buffer Overflow Attacks Work

A buffer overflow occurs when a program tries to write too much data into the buffer. This can cause the program to crash or to execute arbitrary code. Buffer overflow vulnerabilities exist only in low-level programming languages such as C with direct access to memory. However, they also affect the users of high-level web languages because the frameworks are often written in low-level languages. Read More

What Is Privilege Escalation and Why Is It Important?

Category: Web Security Readings - Last Updated: Fri, 02 Aug 2019 - by Zbigniew Banach
What Is Privilege Escalation and Why Is It Important?

This article explains what is privilege escalation, what are the types of privilege escalation (horizontal and vertical) and how can privilege escalation endanger your systems. It also examines typical privilege escalation scenarios and teaches you how you can protect user accounts in your systems and applications to maintain a good security posture. Read More

Man-in-the-Middle Attacks and How To Avoid Them

Category: Web Security Readings - Last Updated: Thu, 11 Jul 2019 - by Netsparker Security Team
Man-in-the-Middle Attacks and How To Avoid Them

Man-in-the-Middle (MiTM) attacks are a way for hackers to steal information. This article explains how MiTM and sniffing attacks differ. It lists three areas where MiTM attacks occur – public networks, personal computers and home routers. It describes the stages and techniques of how MiTM attacks work. Finally, it provides tips on avoiding attacks. Read More

Ferruh Mavituna is Interviewed About Netsparker by Enis Hulli, Host of Glocal

Category: News - Last Updated: Thu, 27 Jun 2019 - by Allen Baird
Ferruh Mavituna is Interviewed About Netsparker by Enis Hulli, Host of Glocal

Enis Hulli from Glocal interviews Netsparker CEO Ferruh Mavituna on what inspired him to start Netsparker, and the key points in Netsparker’s development from startup to market leader. Ferruh plots Netsparker’s target market, biggest competitors, current traction and future prospects. They also examine current security needs of tech companies. Read More

The Problem of String Concatenation and Format String Vulnerabilities

Category: Web Security Readings - Last Updated: Thu, 27 Jun 2019 - by Sven Morgenroth
The Problem of String Concatenation and Format String Vulnerabilities

String concatenation and format string vulnerabilities are a problem in many programming languages. This blog post explains the basics of string concatenation and insecure string concatenation functions in C. It then examines format string vulnerabilities, how they appear in different web applications, and their relation to XSS vulnerabilities. Read More

June 2019 Update for Netsparker Enterprise

Category: Releases - Last Updated: Mon, 17 Jun 2019 - by Gokhan Demir

This blog post announces updates for June’s 2019 release of Netsparker Enterprise. Highlights include auto update support for scanner agents, API endpoints for managing issues, and a new Managing Issues (Restricted) permission. There are also new scan policies for PCI and OWASP, a Best Practice severity level, and support for OAuth2 and RESTful API. Read More

Announcing the Enterprise Web Security Best Practices Whitepaper

Category: Web Security Readings - Last Updated: Fri, 14 Jun 2019 - by Netsparker Security Team
Announcing the Enterprise Web Security Best Practices Whitepaper

This blog post announces the publication of a whitepaper by Netsparker on Enterprise Web Security Best Practices: How To Build a Successful Security Process. This whitepaper provides instructions on how to build and scale a successful security process. Included is a best practices workflow compiled from industry leaders from years of experience. Read More

Ferruh Mavituna Talks About Discovering Websites on Business Security Weekly #129

Category: Web Security Readings - Last Updated: Tue, 11 Jun 2019 - by Allen Baird
Ferruh Mavituna Talks About Discovering Websites on Business Security Weekly #129

Netsparker CEO Ferruh Mavituna is interviewed on Business Security Weekly about the importance of an asset discovery service. He discusses the need for a multi-layered approach, the place of discovery in the SDLC, the use of Netsparker as a pre-purchase software check, the importance of visibility and accountability, and the need for automation. Read More

Celebrating 10 Years of Netsparker

Category: News - Last Updated: Thu, 06 Jun 2019 - by Netsparker Security Team
Celebrating 10 Years of Netsparker

This month, Netsparker celebrates its 10th birthday. In those 10 years, we’ve grown into a market leader and have helped hundreds of organisations along the way. Our Netsparker editions have developed significantly in this decade to respond to different security threats and the need to scale up for enterprises. Thanks for joining us on the journey! Read More

Frame Injection Attacks

Category: Web Security Readings - Last Updated: Thu, 30 May 2019 - by Ziyahan Albeniz
Frame Injection Attacks

This blog post examines Frame Injection attacks. It describes briefly the history of the invention and development of frames, what Frame Injection attacks and hijacks mean in terms of security, and what you can do to prevent them. It also compares Frame Injection attacks with Cross-site Scripting, which is often a priority for bug bounty hunters. Read More