Search engine optimization poisoning (SEO poisoning) is a term used to describe two types of activities: Illegitimate techniques used to achieve high search engine ranking, usually (but not only) to attack visitors Exploiting vulnerabilities on existing high-ranking web pages and using them to spread malware…
Acunetix Takes Part in the Grid Sprint
It was a very rewarding experience for the Acunetix team, as we took part in the Grid Sprint, Malta’s largest growing outdoor sports event. The event took place on Sat, Oct 19th, 2019 and its aim was to raise awareness about mental health issues in…
Password Reset Vulnerability (Poisoning)
Most web application security vulnerabilities leverage user interaction in ways that were not initially intended by their developers. Password reset poisoning is one such vulnerability that leverages headers, such as the Host header in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice that the…
Visit Us at the Malta Cyber Security Summit 2019
Acunetix will be exhibiting at The Cyber Security Summit 2019. Join us on Wednesday, October 23, 2019, between 8.30 AM and 3.00 PM at the Westin Dragonara Resort in St Julian’s. Our team will be there to answer all your questions and talk to you…
What Is DNS Cache Poisoning
DNS cache poisoning is a type of DNS spoofing attack where the attacker stores fake data in a DNS resolver cache. All clients that use this DNS cache receive such fake data. It can be used for very effective phishing attacks (often called pharming) and…
How to Use Excluded Hours
Acunetix provides additional functionality for managing your scans. You may encounter a situation, where scans should not interfere with scheduled deployments or hinder the web application functionality during certain times. With that in mind, it is possible to configure excluded hours for Acunetix during which…
HTTP Security: A Security-Focused Introduction to HTTP
HTTP is a ubiquitous protocol and is one of the cornerstones of the web. If you are a newcomer to web application security, a sound knowledge of the HTTP protocol will make your life easier when interpreting findings by automated security tools, and it’s a…
Cybersecurity Trends 2019 – Web Security
The year 2019 so far has seen its share of major security and data breaches. Unsurprisingly, they were not caused by new cybercriminal techniques but by the same ones that have plagued information security for up to two decades. Social engineering and cyberattacks on web…
Data Breaches Due to Exposed Databases
The recent massive breach of sensitive Ecuador population data is yet another case, where there was no actual hack involved. The data owner, an Ecuadorian company Novaestrat, simply left an unsecured Elasticsearch database exposed on a publicly accessible server in Miami. The database contained data…