What is ASPM, or application security posture management?

Tue, 17 Jun 2025

ASPM tools promise a unified view of application security by aggregating data from testing tools like DAST, SAST, and SCA—but they don’t generate insights on their own. This post breaks down how ASPM works, where it adds value, and how a DAST-first platform like Invicti can offer many of the same capabilities but with validated and actionable results from its own security testing.

Web Application Security Testing should be part of QA Testing

Mon, 22 May 2017

Web vulnerability scanning should form part of the normal QA process when developing web applications to ensure that a business develops and releases secure web applications. Unless project managers start classifying security vulnerabilities and other web application security issues as normal functionality bugs, web developers will keep on developing vulnerable web applications.

Why Web Vulnerability Testing Needs to be Automated

Mon, 22 May 2017

There are several pitfalls in web application security and one of them is sticking to manual audits only. This blog posts highlights the benefits of automating the process of finding vulnerabilities and other security issues in modern web applications. It also looks into the common pitfalls encountered by web security specialists when trying to identify all web application vulnerabilities manually.

OWASP Top 10 2017 web application vulnerabilities

Mon, 18 Dec 2017

In this article, we look into all the vulnerabilities listed in the OWASP Top 10 list of most critical web application weaknesses for 2017.

An XSS Vulnerability is Worth up to $10,000 According to Google

Thu, 13 Jun 2013

Google are willing to pay up to $10,000 to anyone who discovers a cross-site scripting vulnerability in one of their web applications. Why are Google doing so? Definitely not by coincidence. By exploiting a cross-site scripting vulnerability a malicious hacker can easily gain administrative access on a web application, gain control over it and where possible infiltrate deeper into the corporate network. Read this blog post for more information about the impact an exploited XSS can have on your business.

The Dangerous Complexity of Web Application Security

Mon, 22 May 2017

Modern web applications are becoming so complex that it is virtually impossible to check every possible attack vector and ensure it is not vulnerable without using an automated tool, such as Netsparker Web Application Security Scanner. The same applies for the modern trend of web application vulnerabilities, some of them can only be reproduced using automated means. Hence why the more complex a web application is, the bigger the need to use an automated web vulnerability scanner to identify vulnerabilities before malicious hackers do.

How to choose the right web security scanner to reduce false negatives

Mon, 22 May 2017

What are false negatives and why can automated web application security scanners fail to detect a vulnerability? This post explains what false negatives are and what to look for when searching for an automated web vulnerability scanner to ensure that it detects all vulnerabilities without leaving security gaps for malicious attackers to exploit.

Web Application Security Misconception; Are All Vulnerabilities Equally Dangerous?

Mon, 22 May 2017

In this web application security blog post, Robert Abela talks about a common misconception in the web security industry; are all vulnerabilities equally dangerous? Abela explains and answers this common misconception using an example with two of the most popular web application vulnerabilities typically listed in OWASP Top 10; Cross-site scripting (XSS) and SQL Injection.

Businesses Need Automated Web Application Security Scanners to Detect Web Vulnerabilities

Mon, 22 May 2017

This web application security articles highlights the reasons why businesses should use automated web application security scanners such as Netsparker to identify all vulnerabilities in their web applications. Automated web application security scanners can identify vulnerabilities from the OWASP Top 10 and much more, which are typically exploited by malicious hackers.

Are Hackers a Step Ahead? An Analysis using Web Application Vulnerabilities

Wed, 13 Sep 2017

In this analysis the Netsparker team used Netsparker Web Application Security Scanner to scan a number of popular open source web applications and identify vulnerabilities in them. The results are very shocking and explain why malicious hackers are always a step ahead of website owners. A vulnerability statistics infographic was also generated from the results.

How Netsparker solves the challenge of false positives in web vulnerability scans

Mon, 22 May 2017

This web application security blog post explains why false positives are still among the biggest problems of today’s web application vulnerability scanners. You will also learn what the Netsparker team has done to ensure that Netsparker’s web application security solution does not burden users with false positives in web application security scan results.

JavaScript Scope and IntenseDebate’s Privacy Problems

Tue, 26 Apr 2011

In this web application security article, Ferruh Mavituna, explains a security issue he identified in IntenseDebate online service that could allow attackers to access information about the logged-in session of the victim. Ferruh also suggests a number of remedies for this problem which every web application developer should know of.

SVN Digger – Better Wordlists for Forced Browsing with Netsparker Web Application Security Scanner

Mon, 11 Apr 2011

In this blog post we explain how we built a database of keywords which will be used in Netsparker Web Application Security Scanner when doing forced browsing security checks to try and identify hidden resources in web applications during a security scan.