Mobile Security Attacks – A Glimpse from the Trenches (OWASP AppSec USA 2014 Preso Review)

At the recent OWASP AppSecUSA in Denver, Yair Amit and Adi Sharabani of Skycure presented a very informative overview of mobile security issues. There was a great deal of good material in this presentation, packed into a short period of time. The presenters divided the attacks into four overlapping areas: Physical Security, Network, Application Security […]


SSL Poodle Check Added to NTOSpider

This week’s “big hack” everyone is yapping about is the POODLE flaw in Secure Sockets Layer (SSL 3.0). The flaw is a serious one when the attacker can establish a man-in-the-middle position to set it up, but the need for MitM does limit the scope of this exploit. Adding the check for POODLE’s downgrade flag to our […]
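The two conditions a scanner check for POODLE has to establish are that the server still completes an SSL 3.0 handshake with a CBC cipher suite (the padding weakness POODLE exploits) and whether it honours the TLS_FALLBACK_SCSV signalling suite, the "downgrade flag" a patched server uses to reject a MitM-forced fallback. The following is an added example, not NTOSpider's code: it builds a minimal SSLv3 ClientHello carrying TLS_FALLBACK_SCSV, classifies the server's first record, and includes a constructed ServerHello builder so the classifier can be exercised offline. The host/port arguments to `probe` and the function names are this example's own.

```python
import socket
import struct

SSL3 = (3, 0)
TLS_FALLBACK_SCSV = 0x5600
# SSLv3 CBC suites POODLE can attack (RC4 suites are deliberately left out: no CBC padding).
CBC_SUITES = [0x002F, 0x0035, 0x000A]  # AES128-SHA, AES256-SHA, DES-CBC3-SHA


def build_client_hello(version=SSL3, suites=CBC_SUITES, fallback_scsv=True):
    """Return a record-layer ClientHello offering only the given version and CBC suites.

    When fallback_scsv is True the TLS_FALLBACK_SCSV value is appended to the suite
    list, which tells an RFC 7507 aware server that this is a downgraded retry.
    """
    cs = list(suites) + ([TLS_FALLBACK_SCSV] if fallback_scsv else [])
    cipher_suites = b"".join(struct.pack("!H", c) for c in cs)
    body = (
        bytes(version)                     # client_version
        + b"\x00" * 32                     # client random (fixed value is fine for a probe)
        + b"\x00"                          # session_id length: 0
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                      # one compression method: null
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type=client_hello, 24-bit length
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def make_server_hello(version, suite):
    """Constructed sample ServerHello (test fixture, not captured traffic)."""
    body = bytes(version) + b"\x00" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Classify the server's first record in reply to an SSLv3 ClientHello."""
    if len(data) < 5:
        return "no_ssl"  # connection closed or non-TLS reply: SSLv3 not offered at all
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if ctype == 0x15 and len(payload) >= 2:      # Alert record
        desc = payload[1]
        if desc == 86:   # inappropriate_fallback: server enforces TLS_FALLBACK_SCSV
            return "fallback_scsv_enforced"
        if desc == 70:   # protocol_version: SSLv3 disabled
            return "sslv3_refused"
        if desc == 40:   # handshake_failure: no common suite (SSLv3 may still be on)
            return "handshake_failure"
        return "alert_%d" % desc
    if ctype == 0x16 and len(payload) >= 42 and payload[0] == 0x02:  # ServerHello
        srv_ver = (payload[4], payload[5])
        sid_len = payload[38]
        if len(payload) < 42 + sid_len:
            return "truncated_server_hello"
        suite = struct.unpack("!H", payload[39 + sid_len:41 + sid_len])[0]
        if srv_ver == SSL3 and suite in CBC_SUITES:
            return "poodle_vulnerable"       # SSL 3.0 + CBC accepted despite the SCSV
        return "negotiated_%d.%d_suite_%04x" % (srv_ver[0], srv_ver[1], suite)
    return "unexpected"


def probe(host, port=443, timeout=5.0):
    """Send the SSLv3 probe to a live host and classify the answer (network use only)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:
            data = s.recv(4096)
        except (ConnectionResetError, socket.timeout):
            data = b""
    return classify_response(data)


if __name__ == "__main__":
    # Offline demonstration on constructed records.
    print(classify_response(make_server_hello(SSL3, 0x002F)))        # poodle_vulnerable
    print(classify_response(b"\x15\x03\x00\x00\x02\x02\x56"))        # fallback_scsv_enforced
```

A "poodle_vulnerable" verdict means the server completed an SSL 3.0 handshake with a CBC suite even though the ClientHello advertised TLS_FALLBACK_SCSV; "fallback_scsv_enforced" or "sslv3_refused" means the downgrade path is closed. A "handshake_failure" is inconclusive and is worth re-probing without the SCSV and with a wider suite list before reporting.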


NTOSpider 6.4 Now Available!

We are excited to announce a host of enhancements to NTOSpider that will further assist you in testing more of your applications in less time. Our mission is and has always been to create the most automated and accurate assessment possible even on the most modern applications. And, in this release, we further expand NTOSpider’s […]


Dynamic Application Security Testing (DAST) is Anything but Static

5 Things A Modern Scanner Must Have

Dynamic Application Security Testing (DAST) solutions have been around for over a decade, so you might think the market is static. But, that’s hardly the case. Web applications and malicious hackers continue to evolve and DAST solutions need to keep pace. According to Gartner, DAST technology analyzes applications in […]


Shellshock Bash Bug – 8 Important Lessons

While Shellshock has been all over Twitter and talked about on prominent news outlets, I’m still shocked that there is comparatively less press coverage than there was for Heartbleed, which was a bona fide “big story.” This is unfortunate because in some ways the Shellshock exploit is more devastating, but there are actually some good reasons […]


Fix Security Defects Earlier with NTOSpider and Selenium Integration

It’s a well-known fact that it costs less to fix security defects earlier in the software development lifecycle than later. But because most security professionals are experts in security and less familiar with applications, and QA teams are experts in applications and less familiar with security, integrating security testing earlier in the software development lifecycle […]


Hackazon, new open source vulnerable web application – Sneak Peek at AppSecUSA

I hope you’ll join me next week at AppSec USA 2014 in Denver as we unveil a new open source vulnerable web application, called Hackazon, in an interactive group discussion on Friday, September 19th, from 8:30am to 9:15am. The talk is titled, “Hackazon: Get Your App Scanners Ready.” Many IT security professionals are concerned about their […]
