Missing X-Frame-Options header? You should be using CSP anyway

Fri, 07 Mar 2025

When clickjacking attacks using iframes first became possible, browser vendors reacted by adding X-Frame-Options as a dedicated security header for controlling page embedding permissions. Learn how setting the right Content Security Policy makes up for a missing X-Frame-Options header today.

Security Weekly Talks About Web Application Security & Automation with Netsparker CEO

Mon, 22 May 2017

In this episode of Security Weekly, Netsparker CEO Ferruh Mavituna talks about automating and scaling up the process of web application security scanning.

VIDEO: What is Netsparker? An Interview with Ferruh Mavituna

Tue, 29 Mar 2016

In this video interview, Netsparker CEO and founder Ferruh Mavituna explains what is Netsparker and also talks about the technology that makes the Netsparker web vulnerability scanning technology dead-accurate.

SQL injection cheat sheet

Wed, 21 Oct 2015

The Importance of Finding All Vulnerabilities on Your Web Applications

Mon, 22 May 2017

Although compliance is mandatory, a secure web application is more important. This article explains why website owners should focus on finding and fixing all possible vulnerabilities on their web applications, even if it means doing much more than PCI DSS compliance require.

Security Weekly and Ferruh Mavituna Talk Automation and Scaling Up Web Application Security

Mon, 22 May 2017

During episode #442 of Security Weekly, Ferruh Mavituna, Paul Asadoorian, Jeffrey Man and several other web security professionals talk about the challenges of automating web application security and how companies can scale up automated web application security scanning and scan 100s and 1000s of web applications with the least possible resources.

Understanding the Differences Between Technical and Logical Web Application Vulnerabilities

Mon, 22 May 2017

Web application vulnerabilities can be split within two categories; logical and technical vulnerabilities. This post explains the main differences between these two different vulnerability categories.

The Dark Web: Black Market Websites, Script Kiddies, Hacking and more…

Tue, 31 Oct 2017

Have you ever wondered about what happens in the digital black market, or as better known the dark web? Do you know how easy it is for someone who does not have any security experience to buy a tool that can find vulnerabilities in websites and exploit them automatically? Read this article for more detailed information of how the dark web evolved and about the things you and anyone else can do with just a little bit of money.

An Easy to Use Web Application Security Scanner Means More Secure Web Applications

Mon, 22 May 2017

Most security software is very difficult to use hence businesses and organizations are failing to ensure the security of their IT assets. See how Netsparker is helping businesses ensure the long term security of their websites and web applications by developing an easy to use web application security scanner that also allows more automation.

Using Invicti To Comply With The OWASP Application Security Verification Standard When Developing Web Applications

Mon, 22 May 2017

The OWASP Application Security Verification Standard is a set of standards developed by OWASP to help developers write more secure code and web applications. This article explains how an automated web application security scanner such as Netsparker can help you comply with OWASP ASVS and develop more secure web applications.

Security Weekly Interviews Ferruh Mavituna about Web Application Security

Mon, 22 May 2017

In this interview with Security Weekly, Ferruh talks about web application security and explains how he got started, why Netsparker Enterprise is the ideal tool for large organizations who would like to ensure the security of all their web applications, explains how the false positive free vulnerability scanning technology works and much more.

Netsparker Enterprise or Netsparker Desktop?

Tue, 23 May 2017

Should you use the desktop edition of Netsparker or go for Netsparker Enterprise, the new online web application security scanner? This article talks about the scope of both products and explains in detail what they are to help you better understand both products and choose the best solution.

What Can You Learn from 87 Advisories About Web Application Vulnerabilities?

Mon, 22 May 2017

This article looks into the details of all the 87 advisories Netsparker published about SQL Injection, XSS and other vulnerabilities Netsparker Web Application Security Scanner identified in several open source web applications. It uses statistics to highlight the state of security of both open source and non open source web applications.