Netsparker's Web Application Security Blog

Final Nail in the Coffin of HTTP: Chrome 68 and SSL/TLS Implementation

Category: Web Security Readings - Last Updated: Thu, 30 Aug 2018 - by Ziyahan Albeniz

In this blog post, our Security Researcher Ziyahan Albeniz examines the latest Chrome release, which makes secure web connections the new standard by checking the validity of secure TLS certificates. This article examines encryption keys, certificates and certificate authorities, HSTS, HPKP, SRI and CSP, and concludes with some code examples.

Exploiting a Microsoft Edge Vulnerability to Steal Files

Category: Web Security Readings - Last Updated: Wed, 01 Aug 2018 - by Ziyahan Albeniz

This blog post documents our Security Researcher Ziyahan Albeniz's experiment in exploiting a Microsoft Edge browser vulnerability. He explains how a combination of SOP, the ability to email clickable links and a vulnerability in both the Windows Mail and Calendar applications enables the exploit. It includes his Proof of Exploit video.

Ferruh Explains Why Web Application Security Automation is a Must in Enterprises

Category: Web Security Readings - Last Updated: Wed, 25 Jul 2018 - by Dawn Baird

Watch episode #98 of Enterprise Security Weekly, in which Ferruh Mavituna, our CEO, talks about penetration testing versus dynamic scanning tools, such as Netsparker; the differences between Waterfall and Agile methodologies; addressing vulnerabilities early in the SDLC; static integration; accuracy and trust; bug bounties; and workflow management.

What is an osquery Injection and How Does it Work?

Category: Web Security Readings - Last Updated: Thu, 19 Jul 2018 - by Omer Citak

This blog post examines osquery, a framework that enables developers to write SQL-based queries that explore system data. It includes instructions for how to install osquery on the Ubuntu operating system. It also explores what osquery allows you to do and concludes with an examination of the osquery library and injection.

Ferruh Mavituna Interviewed About Web App Security by Byron Acohido

Category: News - Last Updated: Thu, 28 Jun 2018 - by Robert Abela

Ferruh Mavituna is interviewed about the growing success of Netsparker, and how Netsparker has anticipated and adapted to some of the largest trends in the digital transformation. Netsparker's focus on web apps, cloud-based environments, and scanning to scale all contribute to its success, as does its core focus on automation and accuracy.

Sumeru Solutions – Netsparker Case Study

Category: News - Last Updated: Thu, 21 Jun 2018 - by Robert Abela

Sumeru Solutions is a software development company that makes banking and information security solutions, and mobile apps. They selected Netsparker to automate and speed up their web scanning processes because of its rapid configurability, ease of use, reliability, lack of false positives, and ability to handle a larger range and scale of products.

Ferruh Mavituna Is Interviewed About Netsparker at RSA Conference 2018

Category: News - Last Updated: Fri, 15 Jun 2018 - by Netsparker Team

Ferruh Mavituna chatted with John Dasher at the RSA Conference 2018 about Netsparker's powerful ability as a tool to find web application security vulnerabilities accurately, quickly, early, and automatically, in a way that brings scalability, visibility and connectivity to the entire security scanning process, from planning to product deployment.

Netsparker Plans & Editions Integration

Category: Product Docs & FAQS - Last Updated: Thu, 24 May 2018 - by Robert Abela

The Netsparker web application security solution is available via three different plans through which users will have access to both Netsparker Desktop and Netsparker Cloud. Plans also allow users to easily share scan and vulnerability data between the two editions of Netsparker.