Like the web itself, security scanners are advancing at a fast pace. Here are the top 5 technologies that leading security professionals are applying to stay ahead of the curve: 5. XSS Analyzer The "classic" black box approach for detecting... Continue reading

Let's see how String Analysis is used to improve the accuracy of JSA. Consider the following real-world example: var str = document.URL; var url_check = str.indexOf('login.html'); if (url_check > -1) { result = str.substring(0,url_check); result = result + 'login.jsp' +... Continue reading

The best technologies are often the ones that you, as a user, never have to worry about. They work automatically, behind the scenes, making a product or service work better. With nothing to configure, nothing new to learn. They just... Continue reading

Over the years we've had many cases where AppScan users approached our support teams with what they claimed were false positive reports. But when our security experts looked into the details, they turned out to be actual security problems. It... Continue reading

In the security industry we’ve been dealing with Cross-Site Scripting (XSS) vulnerabilities for more than a decade now. It is still the #2 web application vulnerability according to OWASP TOP 10. Our friends at IBM X-Force show that XSS vulnerabilities... Continue reading

When it comes to detecting Cross-Site Scripting (XSS), AppScan is the industry's #1 tool. Today we're making it even better. AppScan's "XSS Analyzer" is one of the most significant DAST innovations in recent years. It breaks the mold of the... Continue reading

By now you have probably heard about JSA. Introduced in AppScan Standard 8.0 in Oct '10, and now included in AppScan Enterprise 8.6, JSA is a component that does static analysis of JavaScript to detect a range of client-side security... Continue reading