7 Sure-fire Ways to Get Your Website Hacked

Hackers exploit vulnerable systems – and unprepared individuals – to access trade and commercial secrets, damage or gain control of national assets of strategic importance, publicly embarrass top brands, and wreak general havoc with considerable financial, social and economic repercussions. Yet, notwithstanding the barrage of alarming statistics coming our way and the plethora of tools […]

Read More →

The Chronicles of DOM-based XSS

A brief overview of DOM-based XSS DOM-based XSS is a form of cross-site-scripting attack in which an attacker executes an attack vector through the modification of the browser’s Document Object Model (DOM) environment. Unlike stored (persistent) or reflected XSS variants, DOM-based XSS does not involve the attack payload being placed in the server response. As […]

Read More →

Cross-Site Scripting in HTTP Headers

What is XSS in HTTP Headers and How is it Different when Compared to Other XSS Attacks? When looking at various types of XSS attacks, we can easily identify the common pattern – it revolves around injecting malicious code into various areas of the HTML pages to be rendered, so that the code gets executed […]

Read More →

How Acunetix Compares to Other Web Application Scanners

Acunetix is once again confirmed as one of the leaders in web application scanning with a 100% detection accuracy and 0% false positives for Reflected Cross-Site Scripting and SQL Injection vulnerabilities, together with a leading WIVET assessment score. In the 2013/2014 Web Application Vulnerability Scanners Benchmark, information security researcher, analyst, tool author and speaker Shay […]

Read More →

Insider Threats: Dealing with the Enemy Inside

For companies, threats come from two sources—outside the organization and inside (reads: disgruntled, unethical employees). Insider threats can be very difficult to handle and the number of annual incidents is on the rise. The insider threat can come in several forms: Employees who steal intellectual property Unhappy IT professionals who damage data and systems Professionals […]

Read More →

BREACH attack

The BREACH attack, abbreviated from Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext, is an attack similar to the CRIME attack. Both attacks are compression side channel attacks, however CRIME targets information compressed in HTTP requests through TLS compression, whilst BREACH targets information compressed in HTTP responses through HTTP compression. HTTP compression is normally […]

Read More →