March 2019 Update for Netsparker Standard

We're delighted to announce a Netsparker Standard release. The highlights of this release are the new scan policies for PCI and OWASP Top Ten vulnerabilities. Other new features include: a Smart Netsparker Assistant scanning guide; added integration options for Azure DevOps, Redmine and Bugzilla; a new Best Practice severity level; a new RESTful ...
CVSS: Characterizing and Scoring Vulnerabilities

The impact of potential vulnerabilities on our hardware and software increases significantly as our daily activities become more digitized. Preventing these vulnerabilities requires us to know how they work. But we also need an assessment mechanism to evaluate their criticality. The existence of varying web application vulnerability detection products in ...
Using the DNS as a File System

DNSFS: Is it Possible to Use DNS as a File System?

In the world of information security and privacy, Domain Name System (DNS) requests present a problem. Not only are they unencrypted by default, making it easy for anyone to intercept and modify them, but attackers have also used them in order to amplify Distributed Denial of Service (DDoS) attacks. Attackers ...
Rewritten Sitemap and Issues Panes

December 2018 Update for Netsparker Standard

We're delighted to announce a Netsparker Standard release. The highlights of this release are: rewritten Sitemap and Issues panes; a new Family Vulnerabilities feature; added support for 64-bit smart card drivers and a Swagger 3.0 importer; and several new Send To integrations, including GitLab, Bitbucket, Unfuddle and Zapier. This announcement ...
Discovering and Hacking IoT Devices Using Web-Based Attacks

DNS rebinding attacks have been the topic of ongoing discussion for twenty years. Despite their efforts, browser vendors still can't find a stable defence against these attacks. They were reported to have been fixed eight years ago. However, this type of attack has resurfaced against a new attack vector ...
Bypass of Disabled System Functions

Imagine that you discover an Unrestricted File Upload vulnerability and upload a web shell to the server. Or, you have a payload that allows you to execute commands on the system through Local File Inclusion (LFI) or Remote File Inclusion (RFI) vulnerabilities. When you execute the command that's expected to ...
Using Google Bots as an Attack Vector

According to the statistics, Google always holds more than 70% of the web search market share. Many users use their address bar as Google's search bar. Therefore, being visible on Google is crucial for websites as it continues to dominate the market. In this article, we analyze a study from ...
Negative Impact of Incorrect CSP Implementations

Content Security Policy (CSP) is an effective client-side security measure that is designed to prevent vulnerabilities such as Cross-Site Scripting (XSS) and Clickjacking. Following the regular discovery of bypass techniques, a group of researchers led by Google managed to fix these weaknesses in CSP version 3.0. With each new bypass ...
How to Configure Google Single Sign-On Integration with SAML

Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An Identity Provider (IdP) service provides administrators with a single place to manage all users and cloud applications. You don't have to manage individual user ...
How to Configure Pingidentity Single Sign-On Integration with SAML

Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An Identity Provider (IdP) service provides administrators with a single place to manage all users and cloud applications. You don't have to manage individual user ...