The ROI of Protecting Against Cross-Site Scripting

The ways in which your organization can be damaged by cross-site scripting (XSS) attacks are endless. Apart from the damage it can cause on its own, successful cross-site scripting can be used as a platform for delivering even more devastating …

Non-Persistent Cross-Site Scripting

Non-Persistent cross-site scripting (XSS), also known as Reflected XSS, is one of the three major categories of XSS attacks; the others are persistent (or Stored) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s browser trust …

ClickJacking and Blind XSS

What you see is NOT what you get! In essence, ClickJacking (or UI redressing) is a technique used by attackers to trick users into clicking on malicious web pages that they wouldn’t have accessed otherwise, by overlaying them on apparently …

Universal Cross-Site Scripting (UXSS): The Making of a Vulnerability

What is Universal Cross-Site Scripting (UXSS)? Common cross-site scripting (XSS) attacks target websites or web applications that are vulnerable to XSS, because of inadequate development of client-side or server-side code. These attacks have the vulnerable web page as main prerequisite, …

Communicating with Management about Web Security, Part 3 – Getting and Keeping Your Message Out There

We’ve all seen it. Apathy and disinterest are the name of the game with web security until a business deal is threatened, a data breach occurs, or an auditor reports something negative to the board and management is called on …

Top Targets of Blind XSS

Web-based security threats are a popular topic and you can easily find related information, including on cross-site scripting and one of its important flavors, Blind XSS. However, although this information is usually delivered at a high level of detail, the …

Communicating with Management about Web Security, Part 2 – Prioritization and Sending the Right Message

Have you ever noticed that many people aren’t motivated to do things until there’s a pressing need that’s often personal in nature? It’s the way the world works. In fact, the fear of loss and the desire for gain are …

7 Sure-fire Ways to Get Your Website Hacked

Hackers exploit vulnerable systems – and unprepared individuals – to access trade and commercial secrets, damage or gain control of national assets of strategic importance, publicly embarrass top brands, and wreak general havoc with considerable financial, social and economic repercussions. …

Communicating with Management about Web Security, Part 1 – Knowing What You’re Up Against

Nothing in life is more important than the ability to communicate effectively. That’s what former U.S. President Gerald Ford once said and I can’t stress enough how impactful that message can be on our web security efforts. Whether we’re trying …

Acunetix Web Vulnerability Scanner v9, build 20131216 includes a new PCI 3.0 compliance report and several new tests

The Chronicles of DOM-based XSS

A brief overview of DOM-based XSS: DOM-based XSS is a form of cross-site scripting attack in which an attacker executes an attack vector through the modification of the browser’s Document Object Model (DOM) environment. Unlike stored (persistent) or reflected XSS variants, …