Web Security Blog

HTTP security headers: An easy way to harden your web applications

Modern browsers and web servers support many HTTP headers that can greatly improve web application security to protect against clickjacking, cross-site scripting, and other common types of attacks. This post provides an overview of best-practice HTTP security headers that you should be setting in your websites and applications and shows how to use DAST to make sure you’re doing it right.

NIST Cybersecurity Framework gets user-friendly: Upcoming changes in CSF v2.0

Surviving the API apocalypse: How to defeat zombie APIs

PCI DSS v4.0 makes integrated application security a compliance requirement

DAST tools are only as good as their setup and support

5 fundamental differences between DAST and penetration testing

Invicti Insights: Experiences and lessons learned from Black Hat USA 2023

Building accurate DAST into the CI/CD pipeline saves you time – and money

Cyber workforce shortages still loom large – but the cavalry is coming

SAST vs. DAST vs. IAST: Everything you always wanted to know but were afraid to AST

Invicti Insights: Lessons from high-profile breaches and security blunders

Making automated API vulnerability testing a reality

CWE Top 25 for 2023: Buffer overflows, XSS, SQL injection lead the pack