Invicti’s automated DAST turns heads at it-sa Expo&Congress 2022

Organizations are still learning about the capabilities of modern DAST tools and their importance for web application security. This post summarizes the Invicti crew’s impressions from it-sa Expo&Congress 2022.

Cybersecurity awareness is for life, not just for October

Cybersecurity awareness is crucial, but there’s a long way to go from awareness to action. As we wrap up Cybersecurity Awareness Month, it’s time for the next steps – and the path of least noise might just be the best way to go.

Vulnerabilities a routine part of web application releases, survey finds

Invicti research has revealed that releasing web applications with known vulnerabilities is almost a standard operating procedure for a large majority of organizations. The Fall 2022 edition of the Invicti AppSec Indicator shows that companies are struggling with alert noise – but also determined to get a grip on their ...
HTTP Security Headers In Action - Sven Morgenroth - PSW #652

HTTP security headers: An easy way to harden your web applications

Modern browsers support a wide array of HTTP headers that can improve web application security to protect against clickjacking, cross-site scripting, and other common attacks. This post provides an overview of best-practice HTTP security headers that you should be setting in your websites and applications.

Let’s stop the noise around false positives

False positives in cybersecurity have gone from a precise technical term to a catch-all moniker for all undesirable results. This post cuts through the jargon to show that the wider challenge facing organizations today is knowing when and where to take action – and false positives are only a small ...

How cybersecurity frameworks apply to web application security

Cybersecurity frameworks are formalized sets of guidelines for defining cybersecurity policies. This post explains why they are so useful and how you can use the most popular NIST framework when building your application security program.

So you think cross-site scripting isn’t a big deal?

Far from being low-priority issues, cross-site scripting vulnerabilities in your websites and applications can directly put your users and customers at risk. This post goes through just one possible attack scenario to show how dangerous XSS can be.

Security tool integration can make or break secure development – ESG report

Application security tools are vital for secure development, but the way they are used makes all the difference. A research report prepared by ESG with Invicti underlines the importance of security tool and workflow integration in real-world AppSec programs.

Incorporating business logic to get the best out of DAST

Knowing what to test is a prerequisite for all testing but is especially important for dynamic application security testing (DAST). To guide a vulnerability scanner through every part of your application with full authentication and without extensive manual setup, you can use advanced features such as Invicti’s Business Logic Recorder ...

10 common developer misconceptions about web application security

If you’re a web developer, you’re already familiar with many aspects of application security – and you’ve also heard conflicting opinions about it. To clear up some popular AppSec myths, we’ve put together a list of 10 common misconceptions about security in web development. Read on to make sure you’re ...