FAQ
If you are an experience penetration tester, bug bounty hunter or have experience in web security, you probably have heard of DNS or Subdomain bruteforcing before. It is a technique often used in the reconnaissance phase of your testing to further help map out your entire attack surface. What is
An automated web security audit is a process of using scanners to scan (such as BLACKBIRD Security Scanner) and test web applications for security vulnerabilities and misconfigurations. The goal of an automated web security audit is to identify and mitigate any potential security risks before they can be exploited by
Meanwhile, it is a fact that template-based scanning gained popularity among security teams as it is an easy, fast way to perform web security audits... We are going to cover the 3 main benefits of this automated scan type and, by the end of this article, also help you set
web-security
Infrastructure Vulnerability Scanning is an automated process with its main aim to scan for security weaknesses and vulnerabilities within a network, system or application infrastructure. An IT infrastructure is often defined as every single running node, component or host that an organization or company uses to operate. Infrastructure Vulnerability Scanning
web-security
Exploring Hidden Attack Surfaces is a new blog post series curated by Nova Security for the community to help you on your way to discover any attack surfaces that most current tools are not capable of. Part 1 is dedicated to finding more subdomains so that you can have that
FAQ
A valid payment method is required to combat fraud and abuse and to prevent a single user from re-upping their subscription multiple times. Your trial is free and we will not charge you. You can always cancel your subscription on your profile before your trial period ends.
CWE-918
Server-Side Request Forgeries (SSRF) vulnerabilities arise when any kind of web service or component (like an app or API) uses your input to craft a request on behalf of the server. And this can have quite a few consequences, such as: * Make requests to any external resource on behalf of
web-security
If you've been working with software, with web & cloud services in particular. You may have heard that it is a best practice to regenerate your secrets (such as your API and encryption keys) regularly. But how often should you rotate all these credentials? It is recommended to
web-security
Why would you choose scanner XYZ over us? Good question. In this article we'll go over why you should choose us above other existing scanners. Experienced Web App Pentesters: First of all, Nova Security Scanner was developed by small team of experienced web application penetration testers. We'
web-security
One of the main differences is that On-Premise installations can cover internal networks as well but are more expensive. Whereas online or cloud-based web vulnerability scanners are only capable of reaching external services that you host but scan your web assets at a much cheaper rate. In this article, we
web-security
You probably ever had to redirect your users from your website to another third-party's site that you do not control. And because of that, you've added a function to your existing app route or endpoint that reads a (query) parameter, and redirects the user to the
web-security
A web vulnerability scanner is a tool that automates the entire process of finding security vulnerabilities in websites and other web services (like web APIs) and so on. These security vulnerabilities often get abused by bad actors for financial or personal gains. That is the reason why you should always
