What is CSRF (XSRF)? Cross-Site Request Forgery is a type of web attack which exploits the trust of a website in the user’s browser. In essence, the attacker manipulates the victim’s browser to send requests in the user’s name to websites that have been visited…
Latest Acunetix release scans for Heartbleed Bug
Yesterday, an update was released for Acunetix Vulnerability Scanner which includes a test for a critical OpenSSL vulnerability named The Heartbleed Bug (CVE-2014-0160). Quote from the report: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the…
Elaborate Ways to Exploit XSS: Flash Parameter Injection (FPI)
Common Cross-site scripting (XSS) attacks rely on the injection of malicious code (usually JavaScript) in HTML pages, HTML headers or page DOM. There are, however, ways of injecting malicious code in less likely, very popular and innocent-looking places, such as Flash objects. The use of…
Visit the Acunetix Stand at Infosecurity Europe 2014
Acunetix is to be exhibited in the New Exhibitor’s Zone at Infosecurity Europe at Earls Court from the 29th of April till the 1st of May. Infosecurity Europe is the largest free-to attend information security business and education event in Europe – offering attendees the…
The ROI of Protecting Against Cross-site Scripting
The ways in which your organization can be damaged by Cross-site Scripting (XSS) attacks are endless. Apart from the damage it can cause on its own, successful cross-site scripting can be used as a platform for delivering even more devastating attacks. First, the attack impacts…
Acunetix Presents at Comguard Roadshow, Qatar
The Doha Marriott Hotel, Qatar, played host to the ‘Emerging Threats: New Trends and Risk Visibility’ Comguard event for end-users, held on March 12, 2014. Acunetix was exhibited by Mr. Damian Fearnley, Regional Sales Manager for EMEA, who also presented a high-level overview of Acuentix to 40…
Non-Persistent Cross-site scripting: Non-persistent XSS
Non-Persistent cross-site scripting or non-persistent XSS, also known as Reflected XSS, is one of the three major categories of XSS attacks, the others are; persistent (or Stored) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s browser trust in a legitimate,…
ClickJacking and Blind XSS
What you see is NOT what you get! In essence, ClickJacking (or UI redressing) is a technique used by attackers to trick users into clicking on malicious web pages that they wouldn’t have accessed otherwise, by overlaying them on apparently legitimate web pages and hiding…
Acunetix Wins WindowSecurity.com Readers’ Choice Award
Acunetix WVS was selected as the 2014 Readers’ Choice Award winner in the Web Application Security category. IT consultants, IT managers, and Network and System Administrators alike voted for Acunetix WVS as their top choice for Web Application Security. WindowSecurity.com is a Microsoft Windows Security resource site, with…