Are you considering using an open-source vulnerability scanner to secure your web applications? In some cases, this is an excellent idea, but in other circumstances, it may reduce your initial costs only to greatly increase them later. Let us guide you and show you the factors you should consider as well as some of the … Continue reading Which open-source vulnerability scanner is right for you?
Path traversal attacks against Java web applications can expose sensitive information and allow escalation to more dangerous attacks. This post provides an overview of Java path traversal and announces an Invicti technical paper and open-source tool. Path traversal/directory traversal vulnerabilities allow malicious hackers to abuse user input to access files on the web server or the … Continue reading Path traversal in Java web applications – announcing the Invicti technical paper
(Ghostwritten for Kellie Vugrincic) In October 2022, Invicti organized its first Cybersecurity Roadshow event in Malta. Invicti staff visited MCAST to meet the students and faculty for a discussion of cybersecurity as both a field of study and a promising career path. At Invicti, we want to be a pillar of the local community, wherever that … Continue reading Invicti Malta Cybersecurity Roadshow 2022 at MCAST
Every data breach is costly, but it doesn’t take a sophisticated attacker to get your company into big trouble. Web application security is your first line of defense – and here’s why you cannot afford to drop your guard. Perhaps you feel that security vendors are trying to sell you something by scaremongering. After all, … Continue reading Can you afford to cut back on web application security?
On July 11, 2022, the Cyber Safety Review Board (CSRB) published a report on Log4Shell, stating that organizations should be prepared to address Log4j vulnerabilities for years to come. We’re taking a look at the reasons why Log4Shell is not going to go away. Significant vulnerabilities bear a striking resemblance to viruses like COVID-19. Is COVID-19 … Continue reading Why the Log4Shell vulnerability will never become yesterday’s news
(Originally published in SC Magazine) News came out last week that Zola had been the latest victim of a credential stuffing attack. The fancy name credential stuffing simply means that the attacker accesses a database of log-ins and passwords stolen from other sources and tries to use the same log-ins and passwords on other sites, such as Zola. … Continue reading The Zola credential stuffing attack: Who’s to blame?
I am continuously working on the content for Invicti Learn – an encyclopaedia-like project that aims to cover as many topics as possible related to web application security. https://www.invicti.com/learn/