The spring 2022 edition of the Invicti AppSec Indicator has arrived hot off the presses, and it underscores some alarming trends for severe web vulnerabilities. The data shows that direct-impact flaws are still showing up in customer scan results at alarming rates. Worse still, these…
Critical alert – Spring4Shell RCE (CVE-2022-22965 in Spring)
On March 31, 2022, a serious zero-day vulnerability was discovered in the Spring framework core, which is an open-source framework for building enterprise Java applications. The vulnerability, dubbed Spring4Shell (similar to Log4Shell) or Springshell, was identified as CVE-2022-22965 (at the time of writing, not yet…
7 web application security best practices
To maintain the best possible security posture and protect your sensitive data against cyberattacks, you cannot just rely on security products alone. Here is a list of seven key elements that we believe should be considered in your web app security strategy. 1. Include everyone in security…
Common password vulnerabilities and how to avoid them
Weak passwords and password reuse are still some of the most serious concerns for cybersecurity. There are several ways to increase password security but they are often not adopted by users and administrators. Here’s how you can make sure that sensitive data in your web…
How often should you test your critical web applications?
When it comes to web application security, the concern is not whether you should test but, rather, how often you should test. Many people scan for web vulnerabilities using dedicated vulnerability scanners and perform manual analysis/penetration testing once per year. Some people do it once…
Trends that underscore the seriousness of the cybersecurity skill gap
It is no secret that there’s a glaring skills gap in cybersecurity. Learn more about the trends impacting AppSec success and the steps that can help bridge gaps in DevSecOps workflows. Under pressure to innovate, development outpaces security Picture this: a time-strapped engineer chasing a…
Acunetix introduces IAST updates improving vulnerability and misconfiguration detection as well as scan coverage
A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.7.220228146 This Acunetix release introduces multiple IAST updates that will help detect several high severity vulnerabilities, provide full coverage for the newly supported web frameworks, and improve the detection of server-side misconfigurations….
DevSecOps vs. SecDevOps
DevSecOps is a relatively new approach to continuous software development processes in agile environments. It is an extension of DevOps (Development + Operations) that includes the automation of security. The order of component terms in the DevSecOps name, however, may lead to incorrect application security approaches. That…
The cutting-edge conundrum: Why federal agencies can’t compromise on security
2021 was a banner year for cyberattacks, with reported breaches increasing by 68 percent. The record-breaking number of 1,862 data breaches put previous years to shame, especially considering industry-rocking incidents like Log4Shell, which had most organizations in the public and private sectors scrambling to secure…