In late July, the government of Kazakhstan attempted to perform a mass man-in-the-middle attack on Kazakh citizens. Users of all Kazakh mobile networks were asked to install a government-issued CA certificate to continue using selected sites such as Google services, Facebook, and Instagram. Under global…
New build includes support for OpenSearch and detects vulnerabilities in Oracle BI, Jira, Apache Spark, and Python Code Injection
Acunetix version 12 (build 12.0.190827161) has been released. This new build introduces a number of updates including support for OpenSearch, support for base64 encoded JSON inputs, and discovery and testing of hidden parameters. In addition, new vulnerability checks have been developed for Oracle Business Intelligence,…
How To Prevent DOM-based Cross-site Scripting
DOM-based Cross-site Scripting (DOM XSS) is a particular type of a Cross-site Scripting vulnerability. It uses the Document Object Model (DOM), which is a standard way to represent HTML objects in a hierarchical manner. As with all other Cross-site Scripting (XSS) vulnerabilities, this type of…
What Is a Reverse Shell Attack? – Examples, Techniques, Prevention
To gain control over a compromised system, an attacker usually aims to gain interactive shell access for arbitrary command execution. With such access, they can try to elevate their privileges to obtain full control of the operating system. However, most systems are behind firewalls and…
Black Hat USA 2019 Highlights
The Acunetix team has returned from the Black Hat USA 2019 Conference held at the Mandalay Bay, Las Vegas, on August 7-8, 2019. The conference welcomed over 20,000 security professionals from around the world. The Acunetix team held a number of product demos to introduce…
How to Prevent Blind SQL Injections: The Basics
Blind SQL Injections are a subtype of SQL Injection vulnerabilities. Exploiting Blind SQL Injections is more difficult and more time consuming for the attacker but the consequences to web application security are similar. Successful exploitation of the database query language gives the attacker control over…
Visit Us at Global AppSec – DC
Acunetix will take part in the Global AppSec – DC Conference, organized by OWASP Foundation. Join us on Sept 11-13, 2019 at the Washington Marriott Wardman Park Hotel in the nation’s capital for the latest product demonstrations. Our sales team will be there along with…
Cyber Threats, Vulnerabilities, and Risks
Terms such as cyber threats, vulnerabilities, and risks are often used interchangeably and confused. This post aims to define each term, highlight how they differ, and show how they are related to one another. Cyber Threats Cyber threats, or simply threats, refer to cybersecurity circumstances…
7 Cybersecurity KPIs That Security Analysts Should Focus On
Being a CyberSec specialist is frustrating. It often seems like a new cybersecurity key performance indicator (KPI) is invented every week. However, there are some good reasons for this. A main source of frustration is the need for cybersecurity teams to constantly justify the cost…