Sven Morgenroth Talks About How Facebook Stored Millions of Passwords in...
Sven Morgenroth, a security researcher at Netsparker, was interviewed by Paul Asadoorian for Hack Naked News #212. Sven talked about the leak that revealed how Facebook had been storing hundreds of...

New Generation Robots.txt: Apple App-Site-Association
Apple has developed an iOS version of robots.txt, the file that controls the navigation of the search bots on a website. The file, referred to as Apple-app-site-association (AASA), holds the...

SameSite Cookies by Default in Chrome 76 and Above
Beginning its journey almost ten years ago, Google Chrome has become one of the most popular web browsers on the internet and continues to prioritize speed and security in its service to users. Earlier...

Sven Morgenroth, Netsparker – Application Security Weekly #60
Sven Morgenroth, a security researcher at Netsparker, was interviewed by Mike Shema for Application Security Weekly #60 on May 6, 2019. Matt Alderman – CEO of Security Weekly – and John Kinsella also...

Frame Injection Attacks
A Frame Injection is a type of Code Injection vulnerability classified by OWASP Top 10 2017 in its A1 Injection category. Cross-site Scripting is naturally prioritized by bug bounty hunters since it...

inFactor Scans with Netsparker Following Every Code Deployment
“At inFactor, we believe that our security-focused culture is fundamental in helping protect our platform and customers. Netsparker enables our team to quickly identify vulnerabilities by launching...

Celebrating 10 Years of Netsparker
It is hard to believe that Netsparker is ten years old this month! Back in 2009, Ferruh Mavituna, then a visionary web security researcher, launched into the web application security marketplace with...

IP Disclosure of Servers Behind WAFs Using WordPress XML-RPC
By the end of the 90s, communication between distributed systems had become a crucial necessity. One of the solutions implemented since then is the XML-RPC (Remote Procedure Call) protocol. This...

Ferruh Mavituna Talks About Discovering Websites on Business Security Weekly...
Ferruh Mavituna, Netsparker founder and CEO, was interviewed in May 2019 by Paul Asadoorian and Jason Albuquerque for Business Security Weekly #129. They discussed the Application Service Discovery...

Netsparker to Exhibit at Black Hat USA 2019 in Las Vegas
This year, Netsparker will exhibit at Black Hat USA 2019 in Las Vegas, USA. The Business Hall will be open from August 7 to 8 at the Mandalay Bay Convention Center. Join Us at Booth #1074 at Black Hat...

Announcing the Enterprise Web Security Best Practices Whitepaper
If your enterprise has a fully-manned web security team, you can consider yourself lucky, at least for now. Cybersecurity Ventures predicts that by 2021, there will be 3.5 million unfilled...

June 2019 Update for Netsparker Enterprise
We're delighted to announce a Netsparker Enterprise update. The highlights in this update are auto update support for scanner agents, an improved Manage Agents page, new API endpoints for managing...

The Problem of String Concatenation and Format String Vulnerabilities
If JavaScript is your programming language of choice, you probably don't have to worry about string concatenation a lot. Instead, one of the recurring problems you might encounter is having to wait...

Ferruh Mavituna is Interviewed About Netsparker by Enis Hulli, Host of Glocal
Netsparker CEO Ferruh Mavituna was interviewed by Enis Hulli, the host of Glocal, a podcast that "features entrepreneurs from all around the world that started in dysfunctioning ecosystems and built...

XSS Auditors – Abuses, Updates and Protection
XSS Auditors are security mechanisms in browsers that operate as a preventative layer against Reflected Cross-site Scripting attacks. Each browser has a different way of implementing XSS Auditors. In...

What is a Man-in-the-Middle Attack and How To Avoid It?
A man-in-the-middle attack (MiTM) happens when an attacker modifies a connection so that it goes through their computer. They can steal sensitive information and change data on the fly. For example,...

Protecting Your Website Using an Anti-CSRF Token
It is crucial to make sure that your website or web application security policy includes measures against Cross-Site Request Forgery (CSRF/XSRF) attacks. These attacks may not be dangerous to you...

What Is the Low Orbit Ion Cannon (LOIC)?
The Low Orbit Ion Cannon (LOIC) is a network stress testing application created by Praetox Technologies. It is used as an attack tool in DoS/DDoS attacks. LOIC is a Windows application that was written...

What Is Privilege Escalation and Why Is It Important?
Privilege escalation happens when a malicious user of an account or application gains access to the privileges of another user account in the target system. The attacker can then use the newly gained...

How Buffer Overflow Attacks Work
A computer program may be vulnerable to buffer overflow if it handles incoming data incorrectly. Anybody who can provide suitably crafted user input data can cause such a program to crash. Even worse,...