Negative Impacts of Automated Vulnerability Scanners and How to Prevent them

Automated web application vulnerability scanners are routinely used to identify vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection in web applications. Although automated vulnerability scanners have become an indispensable tool for pen-testers and security consultants, …


BREACH attack

The BREACH attack, short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext, is an attack similar to the CRIME attack. Both are compression side-channel attacks; however, CRIME targets information compressed in HTTP requests through TLS compression, …

Server Side Request Forgery (SSRF) Attack Alert in Acunetix

Server Side Request Forgery (SSRF)

A Server Side Request Forgery (SSRF) attack gives an attacker the ability to use your web application to send requests to other applications running on the same machine, or to other servers which can be on the same or on …

XSS Vulnerability injected through Google Analytics, executed in iOS's Gmail application

Roy Castillo, a security researcher from the Philippines, identified a cross-site scripting (XSS) vulnerability in the Gmail application for iOS. The vulnerability was found in the mail attachment feature and needed no user interaction to be triggered. In a post …