Netsparker

CRLF Injection and HTTP Response Splitting Vulnerability

Category: Web Security Readings - Tags: crlf, https response splitting, vulnerability - Thu, 08 Sep 2016, by Sven Morgenroth
This article explains what CRLF injection is and how it can be used for HTTP response splitting or HTTP header injection to trick the victim's browser. Read more...

Local File Inclusion Vulnerability

Category: Web Security Readings - Tags: local file inclusion, vulnerability, lfi - Wed, 31 Aug 2016, by Robert Abela
This introductory article explains how the Local File Inclusion vulnerability works, how attackers can exploit it on vulnerable web applications, and also recommends development best practices to prevent it. Read more...

Using the Same-Site Cookie Attribute to Prevent CSRF Attacks

Category: Web Security Readings - Tags: same site cookie attribute, csrf, web security reading - Tue, 23 Aug 2016, by Ziyahan Albeniz
This article looks into the details of how the Same-Site cookie attribute works and how it can be used to help prevent malicious cross-site request forgery (CSRF) attacks. Read more...

Command Injection Vulnerability

Category: Web Security Readings - Tags: command injection vulnerability, web application vulnerability - Tue, 16 Aug 2016, by Sven Morgenroth
This article explains what the command injection vulnerability is, how it works (how malicious hackers can exploit it), and how to ensure your web applications are not vulnerable to it. Read more...

CSRF Vulnerability in Yandex Browser Allows Attackers to Steal Victim's Browsing Data

Category: Web Security Readings - Tags: csrf vulnerability, advisory, yandex browser - Tue, 09 Aug 2016, by Ziyahan Albeniz
This post explains how a malicious hacker can exploit a CSRF vulnerability in the Yandex browser that would allow them to get hold of the victim's confidential browsing data, including bookmarks, browsing history and also saved usernames and passwords. Read more...

Web Application Security and the SDLC Discussed on the Virtualization and Cloud Security Podcast

Category: Web Security Readings - Tags: web application security, interview, video, automation, sdlc - Fri, 08 Jul 2016, by Robert Abela
Ferruh Mavituna, Netsparker's CEO, talks about web application security automation and scalability with Edward Haletky in episode 17 of the Virtualization and Cloud Security Podcast. Read more...

Subresource Integrity (SRI) for Validating Web Resources Hosted on Third Party Services (CDNs)

Category: Web Security Readings - Tags: web security reading, subresource integrity, sri, cdn - Wed, 29 Jun 2016, by Robert Abela
This article explains what Subresource Integrity (SRI) is, how it works, and how it helps web application developers ensure a more secure web environment, especially when hosting resources on third party servers and services such as Content Delivery Networks (CDNs). Read more...

Web Application Security Basics - Keeping All Your Software Up To Date

Category: Web Security Readings - Tags: old vulnerable software, keeping software up to date, web security basics - Tue, 19 Apr 2016, by Robert Abela
What can we learn from the Mossack Fonseca hack and the Panama Papers leak? This article highlights the repercussions of ignoring one of the most basic concepts of IT and web application security: keeping your software up to date. Read more...

Security Weekly Talks About Web Application Security & Automation with Netsparker CEO

Category: Web Security Readings - Tags: web application security, interview, video, automation - Wed, 13 Apr 2016, by Robert Abela
In this episode of Security Weekly, Netsparker CEO Ferruh Mavituna talks about automating and scaling up the process of web application security scanning. Read more...

SQL Injection Cheat Sheet

Category: Web Security Readings - Tags: sql injection, cheat sheet, web security - Thu, 17 Mar 2016, by Ferruh Mavituna
Use our SQL Injection Cheat Sheet to learn about the different variants of the SQL Injection vulnerability. In this cheat sheet you can find detailed technical information about SQL Injection vulnerabilities against MySQL, Microsoft SQL Server, Oracle and PostgreSQL SQL servers. Read more...
