Netsparker's Web Application Security Blog

How Private Data Can Be Stolen with a CSS Injection

Category: Web Security Readings - Last Updated: Wed, 25 Apr 2018 - by Netsparker Security Team

Can private data be stolen by employing a CSS Injection? Why are hackers so determined? This article explores Cyber and Information Security expert Mike Gualtieri's experiments with CSS Exfil and the use of CSS Attribute Selectors. It concludes with a few pointers on how to avoid this type of attack and the need for a Content Security Policy.

Netsparker GDPR Survey: 10 Percent of C-Level Security Execs Say GDPR Will Cost Them $1M+

Category: News - Last Updated: Thu, 12 Apr 2018 - by Robert Abela

Press Release | We surveyed international C-Level Executives about their compliance plans for the EU's upcoming GDPR. This update contains the survey results, which show that affected companies are serious about compliance and aware of the costs involved. It also reveals which industries are most affected and which are least prepared.

Introducing the Same-origin Policy Whitepaper

Category: Web Security Readings - Last Updated: Fri, 06 Apr 2018 - by Dawn Baird

This blog post outlines the contents of our Same-origin Policy Whitepaper: The Definitive Guide to Same-origin Policy. It includes a discussion of SOP misconceptions and implementations. It is jointly authored by Alex Baker, an independent Security Researcher, together with Ziyahan Albeniz and Emre Iyidogan, two of Netsparker's Security Researchers.

Why You Should Never Pass Untrusted Data to Unserialize When Writing PHP Code

Category: Web Security Readings - Last Updated: Thu, 29 Mar 2018 - by Sven Morgenroth

Unserialize is a PHP function that, while often classified as a security risk, is seldom defined. This article explains the vulnerability and contains a PHP Classes Crash Course that includes properties and 'magic methods'. It uses examples to illustrate the basic concepts of Deserialization, PHP Object Injection and Class Autoloading in PHP.

Facebook & Cambridge Analytica Data Breach

Category: Web Security Readings - Last Updated: Tue, 27 Mar 2018 - by Dawn Baird

This blog post examines the Facebook and Cambridge Analytica Data Breach news, asks what might change at Facebook and discusses whether users or organisations are responsible. It also examines whether data portability or security is the priority and sets out some basic questions web application vendors need to ask of their data security policies.

Sven Morgenroth Explains & Demos Same-origin Policy and How to Circumvent it

Category: Web Security Readings - Last Updated: Thu, 22 Mar 2018 - by Robert Abela

Watch episode #550 of Enterprise Security Weekly in which Sven Morgenroth, our Security Researcher, talks about Same Origin Policy, its origin, how it works as a security measure, various incorrect implementation issues and dangers. The show includes slides and a demo of four exploits that abuse mistakes developers make when circumventing SOP.

Securing Netsparker Cloud by Restricting IP Addresses

Category: Product Docs & FAQS - Last Updated: Wed, 21 Mar 2018 - by Burak Aydin

The IP address restriction feature enables organizations to restrict the IP addresses from which users can access Netsparker Cloud, enhancing the security of the solution. Users with Administrator permission can enable it, so that anyone trying to log in to Netsparker Cloud from an IP address not in the trusted IP addresses list will be denied access.

Ferruh Mavituna Talks About Web Security on Enterprise Security Weekly Podcast

Category: Web Security Readings - Last Updated: Thu, 15 Mar 2018 - by Robert Abela

Watch episode #81 of Enterprise Security Weekly in which Ferruh Mavituna, our CEO, talks about Netsparker's current focus, the role of web application vulnerabilities in data breaches, honesty in the web application security industry, dynamic and static analysis tools, enterprise requirements for scalability, IoT and his conference plans for April.

Netsparker and Brinqa Partner on Web Application Security Webinar

Category: Events - Last Updated: Thu, 08 Mar 2018 - by Robert Abela

In this webinar, our CEO, Ferruh Mavituna, and Director of Product at Brinqa, Syed Abdur, discuss the exposed attack surface that is responsible for most data breaches. They examine how organizations can integrate Netsparker and Brinqa into the SDLC to help confidently manage security vulnerabilities and build resilient web applications.

Netsparker Raises $40 Million to Accelerate Growth of Leading Web Application Security Software

Category: News - Last Updated: Thu, 08 Mar 2018 - by Robert Abela

Press Release | We are delighted to announce that an investment of $40 Million by San Francisco-based growth and private equity fund, Turn River Capital, will accelerate product development, marketing and sales team expansion, and acquisitions at Netsparker to support the increased enterprise level demand for web application security software.

February 2018 Netsparker Cloud Update

Category: Releases - Last Updated: Wed, 07 Mar 2018 - by Robert Abela

Our latest news is about the first Netsparker Cloud update of 2018 – new integration plugins for both TeamCity and Jenkins, which will enable you to further integrate vulnerability scanning into your Software Development Lifecycle. The plugins are available via a new Integration menu in Netsparker Cloud and delivered efficiently via a wizard.

How to Integrate Netsparker Into Your Existing SDLC

Category: Product Docs & FAQS - Last Updated: Tue, 06 Mar 2018 - by Duran Serkan Kilic

This article explains how to integrate Netsparker into your existing Software Development Lifecycle. It also provides instructions on how to view Continuous Integration information in Netsparker's Status window and in the Scan Report, how to configure Username Mappings and how to disable creating and assigning issues to the code committer.