In the latest release of Acunetix, we added support for the HTTP/2 protocol and introduced several checks specific to the vulnerabilities associated with this protocol. For example, we introduced checks for misrouting, server-side request forgery (SSRF), and web cache poisoning. In this article, we’d like…
Acunetix introduces support for the detection of HTTP/2 vulnerabilities and improves handling of Laravel CSRF tokens
A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.6.211207099. This Acunetix release introduces support for the detection of HTTP/2 vulnerabilities. HTTP/2 is an upgrade to the HTTP protocol and is used more and more frequently. It does however introduce a…
Secure coding practices – the three key principles
All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of…
Shifting left with Acunetix Premium and GitHub
To develop an application, you usually perform multiple iterations of the following activities:
- Commit the source code to implement a new or changed feature or a bug fix
- Build the solution
- Deploy a test environment containing the solution
- Run QA tests against the test environment…
Code security is not enough!
Recently, I came across an article that referred to web application security as code security and I hope it was just a slip of the tongue. If you really think web application security is the same as code security, you are leaving a gaping hole…
What is website security – how to protect your website from hacking
You protect every office computer with an antivirus. You install firewalls to prevent unwanted access to your network. But what do you do to secure your website? And what can happen if it’s not secured? This article is aimed at website owners that are…
You are the only one who can secure and protect your web applications
Security-related vocabulary includes a lot of words with imprecise meanings. Two such terms that give me a headache when used in the web application security context are the verbs to secure and to protect. But this headache is nothing compared to the one I get…
What government agencies need to know about CISA’s new Binding Operational Directive
The Cybersecurity and Infrastructure Security Agency (CISA) is reinforcing the nation’s cybersecurity efforts by announcing a new Binding Operational Directive (BOD) related to common vulnerabilities and exposures. Also referred to as CVEs, these publicly disclosed flaws in software open doors that attackers are able to…
Make your users part of the web security solution
Around the world today, we’re seeing instances of people being either part of the solution or part of the problem. In the context of information security, it seems we mostly witness people being part of the problem. But there’s often little discussion about people being…