AppSec prioritization goes proactive with AI-backed Predictive Risk Scoring
Netsparker
by Patrick Vandenberg
38m ago
Imagine you have to check for danger on the other side of an impassable mountain you cannot walk around. What would you do? A low-tech solution would be to tunnel through and have a look. Swing by swing with a pickaxe to break the stone, and then shovel by shovel to haul the broken rock away. You hope you will get there in the end, but it’s quite literally a mountain of a task. Even though you’re making progress, it’s a seemingly endless, taxing effort. Now, imagine you’re digging away, and someone comes to you with a high-tech solution: a camera drone. Boom—the task has been enormously simpli…
Invicti Launches First AI-Enabled Predictive Risk Scoring for Application Security Testing
Netsparker
by Kate Bachman
38m ago
Unique capability accelerates risk identification with proactive prioritization of web application vulnerabilities. AUSTIN, Texas—(April 23, 2024)—Invicti, the leading provider of application security testing solutions, today announced its new AI-enabled Predictive Risk Scoring capability. The feature assigns predicted risk to applications and helps organizations gain a strategic view of their overall application security risk. Predictive Risk Scoring allows organizations to determine which web applications should be scanned first and proactively prioritize remediation efforts. This new…
NIST CSF 2.0: The world’s favorite cybersecurity framework comes of age
Netsparker
by Zbigniew Banach
1w ago
The NIST cybersecurity framework has been a go-to resource for defining cybersecurity strategies, policies, and activities ever since version 1.0 was published back in 2014. Originally intended specifically for US companies operating critical infrastructure, it soon gained popularity across all industries and is used by CISOs worldwide. February 2024 saw the launch of version 2.0 of the framework, renamed and restructured to bring it in line with real-life usage and modern cybersecurity challenges. Just as importantly, the NIST CSF 2.0 comes with practical implementation examples, quick start…
The xz-utils backdoor: The supply chain RCE that got caught
Netsparker
by Zbigniew Banach
2w ago
What you need to know: The xz-utils package in versions 5.6.0 and 5.6.1 includes a malicious backdoor that could, in specific circumstances and configurations, allow remote access to SSH sessions for remote code execution (RCE) on selected Linux systems. As a precaution, all Linux users are advised to ensure their xz-utils version is earlier than 5.6.0 and downgrade if necessary, especially if running public sshd. While only a small percentage of systems worldwide could be directly vulnerable, this may change with further analysis. All signs point to a multi-year, carefully planned sup…
Why DAST makes the perfect security posture gauge
Netsparker
by Zbigniew Banach
3w ago
Focused on detection and response, security leaders might not think of DAST tools as an essential component of their AppSec toolbox. All too often, external vulnerability scanning is only performed during periodic third-party tests, giving you snapshots of your security posture that can be months out of date. What if you could run your own tests as often as you need and at no extra cost per test? Welcome to fact-based application security, where a quality DAST becomes your security posture gauge. Read the Invicti white paper “DAST: The CISO’s Security Posture Gauge” Don’t take someone else’s w…
Invicti Launches New Integration with ServiceNow to Deliver Automated Workflows for Vulnerability Discovery Through Remediation
Netsparker
by Kate Bachman
1M ago
AUSTIN, Texas — (March 26, 2024) — Invicti, the leading provider of application security testing solutions, today announced an integration with ServiceNow to pull scan data from Invicti’s leading DAST and IAST into ServiceNow’s Application Vulnerability Response (AVR) for a seamless experience between the two systems. The joint effort enables Invicti to create better experiences and drive value for customers built with ServiceNow. ServiceNow’s expansive partner ecosystem and new partner program is critical to support the $500 billion market opportunity for the Now Platform and associated part…
Women’s History Month: Meet Şeyma Kara, Invicti’s Director of Engineering
Netsparker
by Şeyma Nur Kara
1M ago
Where I was born and raised, certain roles were assigned to women, and these were not even discussed. Neither my mother nor I were allowed to take our adopted dog for a walk without my father. Similarly, it was considered unusual for my mother to learn how to drive because we needed my father’s company for our city travels, especially in winter when the days grew shorter. It wasn’t until I was older that I realized my parents didn’t openly discuss gender roles because they were trying to create space for new ideas rather than reinforce these roles. This idea of creating space for somethi…
Never trust an LLM: Prompt injections are here to stay
Netsparker
by Zbigniew Banach
1M ago
Some days, it feels like every application and system out there is getting new functionality based on large language models (LLMs). As chatbots and other AI assistants get more and more access to data and software, it’s vital to understand the security risks involved—and prompt injections are considered the number one LLM threat. In his ebook Prompt Injection Attacks on Applications That Use LLMs, Invicti’s Principal Security Researcher, Bogdan Calin, presents an overview of known prompt injection types. He also looks at possible future developments and potential mitigations. Before you dive i…
More than a box to tick: Meet the real DAST
Netsparker
by Zbigniew Banach
1M ago
The proliferation of application security testing tools in the last few years has created a lot of confusion. For some buyers as well as vendors, DAST has been erroneously relegated to a checklist item with more consideration for low cost over quality. The resulting race to the bottom is creating risk in organizations that security leaders may not be aware of. Time to set the record straight on business-critical DAST versus “check-the-box” DAST—with an infographic to show what’s what. Navigating the DAST maze First things first: dynamic application security testing (DAST) covers all types of s…
Invicti recognizes GuidePoint Security as 2023 North American Partner of the Year
Netsparker
by Kate Bachman
1M ago
AUSTIN, TX (Mar 5, 2024)—Invicti Security has named GuidePoint Security the North America region Partner of the Year in its 2023 Channel Partner Awards. Award winners for the Channel Partner Awards are recognized as Invicti’s top-performing global partners, highlighting the immense work done to cultivate a partner program that delivers best-in-class service and provides exceptional value for customers. The prestigious award recognized GuidePoint Security’s impressive 151% year-over-year growth between 2022 and 2023 as an Invicti partner. This growth underscores their dedication to helpin…