What is Universal Cross-site Scripting (UXSS)? Common cross-site scripting (XSS) attacks target websites or web applications that are vulnerable to XSS, because of inadequate development of client-side or server-side code. These attacks have the vulnerable web page as main prerequisite, and their effect is always…
Top Targets of Blind XSS
Web-based security threats are a popular topic and you can easily find related information, including on cross-site scripting and one of its important flavors, Blind XSS. However, although this information is usually delivered at a high level of detail, the description of the possible targets…
Acunetix Launch Online Vulnerability Scanner
MALTA, March 6, 2014 — Acunetix today announced the launch of Online Vulnerability Scanner. Combining the benefits of an online solution with Acunetix’ advanced scanning and crawling technology, Acunetix OVS is meant for businesses of any size that want to protect their critical websites, web…
7 Sure-fire Ways to Get Your Website Hacked
Hackers exploit vulnerable systems – and unprepared individuals – to access trade and commercial secrets, damage or gain control of national assets of strategic importance, publicly embarrass top brands, and wreak general havoc with considerable financial, social and economic repercussions. Yet, notwithstanding the barrage of…
The Chronicles of DOM-based XSS
A brief overview of DOM-based XSS DOM-based XSS is a form of cross-site-scripting attack in which an attacker executes an attack vector through the modification of the browser’s Document Object Model (DOM) environment. Unlike stored (persistent) or reflected XSS variants, DOM-based XSS does not involve…
Cross-Site Scripting in HTTP Headers
What is XSS in HTTP Headers and How is it Different when Compared to Other XSS Attacks? When looking at various types of XSS attacks, we can easily identify the common pattern – it revolves around injecting malicious code into various areas of the HTML…
Acunetix Participates in IT Partners Trade Show, Paris
Disneyland Village, Paris, played host to the 2014 IT Partners Trade show which was abuzz with over 12,400 IT professionals in attendance. The trade show was held on the 4th and 5th February 2014, and it proved to be an eventful couple of days with…
How Acunetix Compares to Other Web Application Scanners
Acunetix is once again confirmed as one of the leaders in web application scanning with a 100% detection accuracy and 0% false positives for Reflected Cross-Site Scripting and SQL Injection vulnerabilities, together with a leading WIVET assessment score. In the 2013/2014 Web Application Vulnerability Scanners…
Finding the Source of a DOM-based XSS Vulnerability with Acunetix
DOM-based XSS involves the execution of a payload as a result of modifying the DOM inside the browser used by a client side script. Since the payload resides in the DOM, the payload may not necessarily be sent to the web server. This post covers…