A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection ...

This “application threat modeling” analysis looks at the common attack points and yields a list of vulnerabilities that need to be fixed. The program assumes that a developer has limited ...

In web application scanning speed kills. Skipfish is very fast. One of my partners at The CISO Group , Josh Karp has been working with vulnerability scanning for over 12 years now.

Web technologies including HTML5, AJAX and SPA (single page applications) overcomplicate Web application architecture and cannot be reliably audited with old-school vulnerability scanners and ...

A new web application security scanner, developed by a former MIT student now Berkeley postdoctoral researcher, could be a real find for developers wishing to lock down bugs that live outside the ...