Web Application Security Zone by Netsparker

Content Security Policy (CSP) Standard Explained

Category: Web Security Readings - Last Updated: Fri, 11 Nov 2016 - by Sven Morgenroth

This article explains how the Content Security Policy security standard works and how web developers can use it when building web applications to avoid cross-site scripting, clickjacking, protocol downgrading and other vulnerabilities web applications are typically susceptible to.

Local File Inclusion Vulnerability

Category: Web Security Readings - Last Updated: Wed, 31 Aug 2016 - by Robert Abela

This introductory article explains how the Local File Inclusion vulnerability works, how attackers can exploit it on vulnerable web applications, and also recommends development best practices to prevent it.

Command Injection Vulnerability

Category: Web Security Readings - Last Updated: Fri, 25 Nov 2016 - by Sven Morgenroth

This article explains what the command injection vulnerability is, how it works (how malicious hackers can exploit it), and how to ensure your web applications are not susceptible to it.

SQL Injection Cheat Sheet

Category: Web Security Readings - Last Updated: Tue, 06 Dec 2016 - by Ferruh Mavituna

Use our SQL Injection Cheat Sheet to learn about the different variants of the SQL Injection vulnerability. In this cheat sheet you can find detailed technical information about SQL Injection vulnerabilities against MySQL, Microsoft SQL Server, Oracle and PostgreSQL database servers.

Security Weekly and Ferruh Mavituna Talk Automation and Scaling Up Web Application Security

Category: Web Security Readings - Last Updated: Fri, 13 May 2016 - by Robert Abela

During episode #442 of Security Weekly, Ferruh Mavituna, Paul Asadoorian, Jeffrey Man and several other web security professionals talk about the challenges of automating web application security and how companies can scale up automated web application security scanning to cover hundreds and thousands of web applications with the least possible resources.