Blog
New features, releases, and changelogs.
The 2025 list renumbered categories and folded SSRF into Broken Access Control. How NANOTESTING maps real findings onto it, consistently, everywhere.
Jun 18, 2026
ISO 27001, SOC 2, HIPAA, PCI — auditors do not want a vulnerability list, they want evidence mapped to their controls. Here is how every NANOTESTING scan becomes exactly that.
Jun 13, 2026
Most scans should stay non-invasive. But some bugs only show up when you send a real payload. Here is when active DAST earns its place — and how we keep it safe.
Jun 13, 2026
Not a certificate. A dated, scoped, control-by-control artifact your auditor can actually use. Here is every section and why it is there.
Jun 12, 2026
CVSS alone tells you which findings are theoretically bad. KEV + EPSS tell you which are getting exploited in the wild right now. NANOTESTING ships both.
May 12, 2026
Upload (or fetch from URL) your OpenAPI spec. NANOTESTING walks every operation, runs OWASP API Top 10 authorization checks, and folds the findings into your existing report.
May 9, 2026