Blind SQL Injections are a subtype of SQL Injection vulnerabilities. Exploiting Blind SQL Injections is more difficult and more time consuming for the attacker but the consequences to web application security are similar. Successful exploitation of the database query language gives the attacker control over…
Visit Us at Global AppSec – DC
Acunetix will take part in the Global AppSec – DC Conference, organized by OWASP Foundation. Join us on Sept 11-13, 2019 at the Washington Marriott Wardman Park Hotel in the nation’s capital for the latest product demonstrations. Our sales team will be there along with…
Cyber Threats, Vulnerabilities, and Risks
Terms such as cyber threats, vulnerabilities, and risks are often used interchangeably and confused. This post aims to define each term, highlight how they differ, and show how they are related to one another. Cyber Threats Cyber threats, or simply threats, refer to cybersecurity circumstances…
7 Cybersecurity KPIs That Security Analysts Should Focus On
Being a CyberSec specialist is frustrating. It often seems like a new cybersecurity key performance indicator (KPI) is invented every week. However, there are some good reasons for this. A main source of frustration is the need for cybersecurity teams to constantly justify the cost…
Instagram Awards a $30,000 Bounty for a Serious Flaw
Laxman Muthiyah, an Indian security researcher, earned $30,000 for finding a serious flaw in the Instagram password reset mechanism. If exploited, the flaw would have let an attacker gain control over any Instagram account in 10 minutes with an investment of approximately $150. The flaw…
Misconfiguration Causes a Leak of One Hundred Million Financial Records
According to a statement by Capital One released on July 19, an unauthorized party gained access to the company’s customer data: approximately 106 million individuals in the United States and Canada. Data was stored in Amazon S3 buckets but accessed using Capital One infrastructure. Capital…
Dynamic Program Analysis and Static Code Analysis in Web Security
There are two primary approaches to analyzing the security of web applications: dynamic program analysis (dynamic application security testing – DAST), also known as black-box testing, and static code analysis (static application security testing – SAST), also known as white-box testing. Both approaches have their…
How Regular Expressions and a WAF DoS-ed Cloudflare
Cloudflare is one of the biggest providers of content delivery network services in the world. On July 2, they experienced a nearly complete service outage that affected all of their customers and lasted approximately half an hour. This unprecedented event was not a result of…
Acunetix Team Summer Get Together
The growing Acunetix team gathered to celebrate the achievements of the year in one of many beautiful venues in Malta, the Urban Valley Resort. Since our last event, the team has doubled in size! it was a great opportunity to enjoy great weather, music, food…