Practical guides and original research on dynamic application security testing, API discovery, DevSecOps, and AI-era code security.
An honest, criteria-based ranking of the top DAST tools in 2026 — including where our own product wins and loses.
Buyer's Guide: Runtime protection, testing, and discovery compared — honestly ranked across the API security category.
Insight: TeamPCP's supply-chain attacks turn stolen CI/CD secrets into ransomware. Learn how DAST and API discovery shrink the blast radius of pipeline compromise.
Insight: Why static analysis is the native domain of agentic engineering: AI agents both build and rely on static analysis, powering API eNVy's rapid evolution.
Announcements: NightVision skills for Claude Code: four skills covering scan configuration, API discovery, finding triage, and CI/CD integration — installable in a minute.
Insight: Claude Code Security is strong at code reasoning and patches. Here's how NightVision's API inventory controls and runtime DAST complement that scope.
Research: FragGen, NightVision's fragment-based crawler upgrade, skips redundant page components — delivering 3.5x more states and 5x faster crawl efficiency.
Insight: AI coding assistants create shadow APIs faster than teams can document them. Why legacy security tools fail and how code-level API discovery closes the gap.
Research: API eNVy now finds authentication vulnerabilities, generates fixes with LLMs, and opens ready-to-review pull requests — in minutes instead of weeks.
Research: NightVision's crawler now uses WebDriver BiDi network and DOM signals instead of fixed delays, so spidering captures fully rendered dynamic web apps.
Insight: Legacy DAST misses undocumented APIs and breaks on modern apps. See how NightVision discovers APIs from code, then attacks them with code-traced proof.
Insight: How federal mandates from NIST, CISA, OMB, FedRAMP, and EO 14028 shape API security — and how NightVision's API eNVy plus gray-box DAST helps you comply.
Research: Web forms are gateways to core app features but hard for crawlers to handle. NightVision's LLM-augmented spider generates context-aware form inputs for DAST.
Insight: A breakdown of six API-security approaches in 2025 — WAFs, traffic mirroring, spec linting, legacy DAST — and why hybrid DAST plus code-intelligence wins.
Insight: Broken-Flask is an intentionally vulnerable Flask API whose SQL injections evade SAST, SCA, CNAPP, and traditional DAST — proving exploitability is what matters.
Insight: Reactive API security costs more than prevention. Learn why code-level API discovery plus CI-speed DAST fixes inactive, zombie, and shadow APIs at the source.
Insight: Modern DAST now runs in minutes, not hours. Eight reasons to plug dynamic security testing into CI, plus how NightVision scans at developer speed.
Research: The open-source NightVision MCP Server lets AI assistants like Claude and Cursor run DAST scans, discover APIs, and fetch results via natural language.
Research: CVE-2025-29927 lets attackers bypass Next.js middleware via the x-middleware-subrequest header. NightVision's nuclei template detects it with a two-stage approach.
Insight: Why static-analysis API discovery beats the traffic-monitoring approach: faster, cheaper, complete, and it finds inactive, zombie, and shadow APIs before deployment.
Press Release: NightVision launches a gray-box AppSec testing solution that identifies and locates exploitable vulnerabilities in minutes, before code reaches production.
Announcements: NightVision has completed a SOC 2 Type II examination. Learn what a SOC 2 report is, what it covers, and why it matters for the security of your data.
Press Release: NightVision builds a high-powered Advisory Board and adds cybersecurity veterans John Steven and Shaun Murphy to its Board of Directors to guide AppSec growth.
Announcements: NightVision secures $5.4M in seed funding to build fast, easy-to-use gray-box application security testing that finds exploitable vulnerabilities pre-production.
Industry: Why DAST is essential alongside SAST: it proves vulnerabilities exist by simulating real attacks, works with any framework, and cuts false-positive noise.
Press Release: NightVision releases API eNVy, an API discovery and documentation solution that uncovers shadow APIs in seconds using static analysis — no agents required.
Announcements: NightVision appoints Qilong Wang as VP of Engineering, bringing leadership experience from Mobi, SilverRail, Gomez, and Dynatrace to its developer-first DAST.