The DAST-first mindset: A CISO’s perspective

Tue, 08 Apr 2025

The level of accuracy and automation of modern DAST platforms allows security leaders to make an outside-in approach the foundation of risk-based application security. Welcome to CISO’s Corner, and let’s talk about the DAST-first mindset.

Passwords vs. Pass Phrases – Innovation and Evolution

Mon, 22 May 2017

This third and last password paper looks into new innovations and evolution of passwords and authentication mechanisms. It looks into what other options there are available should we opt for something more secure than passwords and pass phrases.

An automated scanner that finds all OWASP Top 10 security flaws? Really?

Fri, 02 Aug 2019

Shellshock Exploit and Vulnerability Explained | Bash RCE

Thu, 09 Nov 2017

The Shellshock Bash vulnerability allows an attacker to send operating system commands to the web server operating system, thus allowing the attacker to take over the server. This web security article explains what is the Shellshock vulnerability and how you can automatically check if your web environment is vulnerable to this critical vulnerability.

Ruby on Rails Security Basics

Wed, 06 Aug 2014

How Fast is Your Web vulnerability Scanner?

Mon, 22 May 2017

There are many different factors that can affect the duration of a complete web application security test. Learn what such factors are and learn how to evaluate your security tools to ensure your business gets the best return on investment when doing web application security tests.

URL Rewrite Rules and Web Vulnerability Scanners

Tue, 23 May 2017

URL Rewrite Rules have become extremely popular in web applications but many web vulnerability scanners fall short of automatically scan such websites. Read this article to learn more on why typical web vulnerability scanners are unable to scan websites which use URL rewrite rules and what Netsparker did to allow users to easily and automatically scan websites with URL rewrite technology enabled.

What is DOM-based XSS (cross-site scripting)?

Thu, 09 May 2019

Passwords vs. Pass Phrases – Weaknesses Beyond the Password

Mon, 22 May 2017

Using strong passwords is not enough, the whole system should be built well to ensure that the underlying technology can survive a data breach, when, and not if it happens. In fact a modernized approach to password ideology is only one of the several necessary steps for a highly-secured system

Why QA Pros Should Be More Involved in Web Security

Mon, 22 May 2017

This security post explains why QA team members can be a good fit to do web application security testing and vulnerability finding and why businesses should involve more QA team members in their web application security programs.

Passwords vs. Pass Phrases – An Ideological Divide

Mon, 22 May 2017

The concept of passwords is very old and the more efficient offline password crackers are becoming, the more difficult it is for users to come up with complex passwords. This whitepaper looks into how efficient complex passwords are and highlights other alternatives to complex passwords.

What Can We Learn from Ebay Hack Attack?

Thu, 22 May 2014

ebay just confirmed that one of its services has been hacked and malicious hackers managed to get their hands on a database that contain sensitive user information such as usernames and passwords. Could such attack have been avoided? This article explains what happened and highlights a number of web security best practices to avoid having your websites and web applications hacked.

The DAST-first mindset: A CISO’s perspective

Passwords vs. Pass Phrases – Innovation and Evolution

Social Hacking of Support and Implementation Teams

An automated scanner that finds all OWASP Top 10 security flaws? Really?

Shellshock Exploit and Vulnerability Explained | Bash RCE

Ruby on Rails Security Basics

How Fast is Your Web vulnerability Scanner?

URL Rewrite Rules and Web Vulnerability Scanners

What is DOM-based XSS (cross-site scripting)?

Passwords vs. Pass Phrases – Weaknesses Beyond the Password

Why QA Pros Should Be More Involved in Web Security

Passwords vs. Pass Phrases – An Ideological Divide

What Can We Learn from Ebay Hack Attack?