Website hacking attempts are no longer restricted to elite criminals

Website hacking! No longer the domain of elite cybercriminals

Many years ago, most website hacking attempts were launched by sophisticated cybercriminals, or at the very least by highly talented amateurs using complex methods and tools. While this meant such attacks could be more difficult to …

Server Side Request Forgery Vulnerability


What is Server Side Request Forgery (SSRF)? Server Side Request Forgery (SSRF) is a vulnerability that arises when an attacker can make the vulnerable server issue requests to destinations of the attacker's choosing. SSRF attacks usually target internal systems …
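The core of any SSRF defence is deciding, before the server makes the request, whether the destination is one the attacker should be able to reach. The Python snippet below is an added example, not code from the article above: it parses a user-supplied URL, allows only http and https, refuses embedded credentials, resolves the host and rejects loopback, private, link-local (including the 169.254.169.254 cloud metadata address), multicast, unspecified and reserved ranges. The `UnsafeDestination` exception, the `check_fetch_url` and `is_unsafe_url` names and the sample URLs are assumptions made for the example.

```python
"""Destination check for server-side fetches, as a defence against SSRF (added example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # file://, gopher://, dict:// etc. are refused


class UnsafeDestination(ValueError):
    """Raised when a URL would make the server talk to something it should not."""


def is_forbidden_address(addr: str) -> bool:
    """True for loopback, RFC 1918/ULA, link-local (which covers the 169.254.169.254
    metadata endpoint), multicast, unspecified and reserved addresses."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 literal such as ::ffff:10.0.0.5 must be judged as 10.0.0.5.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_host(host: str) -> list:
    """Resolve a hostname to every address it maps to (assumption: this process may do DNS)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror as exc:
        raise UnsafeDestination(f"cannot resolve {host!r}") from exc


def check_fetch_url(url: str) -> list:
    """Validate a user-supplied URL before the server fetches it.
    Returns the addresses the fetch would contact, or raises UnsafeDestination."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeDestination(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        # http://trusted.example@10.0.0.5/ is a request to 10.0.0.5, not to trusted.example
        raise UnsafeDestination("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeDestination("missing host")
    try:
        addresses = [str(ipaddress.ip_address(host))]   # IP literal: no DNS lookup needed
    except ValueError:
        addresses = resolve_host(host)
    for addr in addresses:
        if is_forbidden_address(addr):
            raise UnsafeDestination(f"{url} resolves to forbidden address {addr}")
    return addresses


def is_unsafe_url(url: str) -> bool:
    """Convenience wrapper: True when check_fetch_url would refuse the URL."""
    try:
        check_fetch_url(url)
    except UnsafeDestination:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: one public address and a handful of classic SSRF targets.
    for candidate in ("https://93.184.216.34/api",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://127.0.0.1:8080/admin",
                      "http://[::ffff:10.0.0.5]/",
                      "http://user@10.0.0.5/",
                      "file:///etc/passwd"):
        print(f"{candidate:45s} {'REFUSED' if is_unsafe_url(candidate) else 'allowed'}")
```

A check at parse time is not enough on its own: a hostname can resolve to a public address when it is validated and to an internal one when the connection is made (DNS rebinding), and a permitted host can redirect to an internal one, so the same check must be applied to the address the HTTP client actually connects to and to every redirect target.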

Automated Detection of Host Header Attacks


Automated scanning for certain classes of vulnerabilities is now possible with AcuMonitor, a service available for Acunetix Web Vulnerability Scanner version 9. One of these new classes is Host Header attacks. To display the contents of a website, …

Detect Email Header Injection Vulnerabilities with Acunetix WVS v9

Email Header Injection Web Vulnerability

What is Email Header Injection? Email Header Injection is a web security vulnerability exploited by spammers to send email anonymously. It occurs in web applications that do not properly sanitize user input before placing it in the headers of the email messages they send. Email Header …
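To make the mechanism concrete, here is an added Python example (not code from the article) showing a contact-form mailer built by string concatenation next to a hardened version. A subject line containing a CRLF sequence followed by `Bcc:` becomes an extra header in the first and is refused by the second. The constructed attacker input, the `webmaster@example.com` inbox and the function names are assumptions made for the example.

```python
"""Email header injection: a vulnerable contact-form mailer beside a hardened one (added example)."""
import re
from email import message_from_string
from email.message import EmailMessage

SITE_INBOX = "webmaster@example.com"   # assumed fixed recipient of the contact form

# Constructed attacker input: a CRLF inside the subject field smuggles in a Bcc header.
INJECTED_SUBJECT = "Question about pricing\r\nBcc: victim1@example.net, victim2@example.net"


class HeaderInjection(ValueError):
    """Raised when a user-supplied header value contains a line break."""


def build_message_vulnerable(sender: str, subject: str, body: str) -> str:
    """Builds the raw message by string concatenation. Every CR/LF in `sender` or
    `subject` starts a new header line, which is exactly what the spammer wants."""
    return (f"From: {sender}\r\n"
            f"To: {SITE_INBOX}\r\n"
            f"Subject: {subject}\r\n"
            f"\r\n{body}\r\n")


def header_names(raw_message: str) -> list:
    """Parse a raw message the way a mail server would and list its header names."""
    return list(message_from_string(raw_message).keys())


def require_single_line(field: str, value: str) -> str:
    """Reject CR, LF and NUL in a header value instead of trying to strip them."""
    if re.search(r"[\r\n\x00]", value):
        raise HeaderInjection(f"line break in {field} header value")
    return value


def build_message_safe(sender: str, subject: str, body: str) -> str:
    """Validates each header value, then lets EmailMessage encode the message.
    EmailMessage's default policy also refuses multi-line header values, which
    acts as a second line of defence if the explicit check is ever bypassed."""
    msg = EmailMessage()
    msg["From"] = require_single_line("From", sender)
    msg["To"] = SITE_INBOX
    msg["Subject"] = require_single_line("Subject", subject)
    msg.set_content(body)
    return msg.as_string()


def email_is_rejected(sender: str, subject: str, body: str) -> bool:
    """True when the hardened builder refuses the input (HeaderInjection is a ValueError)."""
    try:
        build_message_safe(sender, subject, body)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    raw = build_message_vulnerable("alice@example.org", INJECTED_SUBJECT, "hi")
    print("vulnerable builder produced headers:", header_names(raw))
    print("hardened builder rejects it:", email_is_rejected("alice@example.org", INJECTED_SUBJECT, "hi"))
```

The right fix is to reject, not to strip: a value with a line break in it is never a legitimate subject or sender, and silently removing characters makes it easy to miss the next encoding trick.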

XML External Entity (XXE) Vulnerabilities


The XML standard defines the concept of an external general parsed entity (usually shortened to external entity), which can reference local or remote content via a declared system identifier. During parsing, the XML processor replaces such entities with …
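Whether a parser follows that system identifier is a property of the parser configuration, not of the document, so the safest position is to refuse documents that declare external entities at all. The Python example below is added here and is not part of the article: it uses the standard-library expat binding, which reports every entity declaration through `EntityDeclHandler`, to list the external entities a document declares and to abort parsing as soon as one is found. The two sample documents and the function names are constructed for the example.

```python
"""Finding and refusing external entity declarations with the stdlib expat parser (added example)."""
import xml.parsers.expat as expat

# Constructed sample: the classic XXE document, an external entity pointing at a local file.
SAMPLE_XXE = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE order [\n'
    '  <!ENTITY xxe SYSTEM "file:///etc/passwd">\n'
    ']>\n'
    '<order><note>&xxe;</note></order>'
)

# Constructed sample: an internal entity only; it has no system identifier.
SAMPLE_INTERNAL = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE order [\n'
    '  <!ENTITY greet "hello">\n'
    ']>\n'
    '<order><note>&greet;</note></order>'
)


class ExternalEntityError(ValueError):
    """Raised when a document declares an entity with a system or public identifier."""


def find_external_entities(xml_text: str) -> list:
    """Return (name, system_id) for every external entity declared in the document's DTD."""
    found = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry their replacement text in `value` and no identifiers;
        # anything with a system or public identifier would be fetched by a resolving parser.
        if system_id is not None or public_id is not None:
            found.append((name, system_id))

    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    # No ExternalEntityRefHandler is installed, so expat never fetches the content itself.
    parser.Parse(xml_text, True)
    return found


def parse_text_safely(xml_text: str) -> str:
    """Return the concatenated character data of the document, aborting as soon as the
    DTD declares an external entity, i.e. before any reference to it can be expanded."""
    chunks = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            raise ExternalEntityError(f"entity {name!r} points at {system_id or public_id}")

    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parser.CharacterDataHandler = chunks.append
    parser.Parse(xml_text, True)   # a Python exception raised in a handler propagates out of Parse
    return "".join(chunks)


def xml_is_rejected(xml_text: str) -> bool:
    """True when parse_text_safely refuses the document."""
    try:
        parse_text_safely(xml_text)
    except ExternalEntityError:
        return True
    return False


if __name__ == "__main__":
    print("external entities in SAMPLE_XXE:", find_external_entities(SAMPLE_XXE))
    print("SAMPLE_XXE rejected:", xml_is_rejected(SAMPLE_XXE))
    print("SAMPLE_INTERNAL text:", parse_text_safely(SAMPLE_INTERNAL))
```

The declaration check runs while the DTD is still being read, so the document is refused before the parser reaches the `&xxe;` reference in the body. Rejecting on the declaration rather than on the reference also catches parameter entities and entities that are declared but used only inside the DTD.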

DOM-based Cross-Site Scripting (XSS) Explained

What is DOM XSS? To understand DOM XSS, we first need to describe what the DOM is and why it is relevant in this context. The Document Object Model is a convention for representing and working with objects …

Blind XSS: The Ticking Time Bomb of XSS Attacks


What is Blind XSS? Blind XSS is a flavor of cross-site scripting (XSS) in which the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (like in a …

Lessons Learned From A Web Security Breach


There’s a lot of focus on proactive security testing, and rightly so: it’s the best way to stay out of hot water. But what happens when the going gets tough and you end up missing a vulnerability that leads to …

Application security calls for a proactive approach


Error! That’s something we don’t have much room for in application security. Yet we leave so much to chance. The only reasonable way to find the flaws that matter, and to keep up, is to use automated tools …

The Top 5 Network Security Vulnerabilities that Are Often Overlooked


Your network security is just as important as securing your website and related applications. Because of the sensitive data they usually give access to, networks are one of the most targeted public faces of an organization. Here are the …