It is frequently the case within web applications that redirects are used to direct the user to a different portion of the application. A typical example would be that of an application redirecting a user to the login page when accessing a page intended for…
PHP Security Part 4: Input Validation and PHP Configuration
Validation Validation is the process in which data is checked against specific criteria/specification. It is being used to check if the information given by a user is in the expected/correct format before it is processed. Validation is very important as if used correctly, it allows…
Changes to Network Architectures & The Security Tools required, Part 2
Part one in this two part series looked at the evolution of a network architecture and how it affects security. Here we will take a deeper look at the security tools needed to deal with these changes. The Firewall is not enough Firewalls in three-tier…
Domain Fronting: Poking a hole in the Whitelist for Bypassing Firewalls
Domain Fronting is a widely popular technique that is used for evading Firewalls, DPI’s and censors. Domain Fronting takes advantage of legitimate high reputation cloud providers, more specifically, Content Delivery Networks (CDN), for evasion. This technique has been commonly used in the wild to circumvent…
PHP Security Part 3: XSS and Password Storage
When developing a web application, it is extremely important to have security in mind and be aware of the different risks. If one does not know the risks and the mechanics behind each vulnerability, there is no way to protect against it. In Parts 1…
Evolution of the Network Architecture & How It has Affected Security, Part 1
The History of Network Architecture The goal of any network and its underlying infrastructure is simple. It is to securely transport the end user’s traffic to support an application of some kind without any packet drops which may trigger application performance problems. Here a key…
PHP Security Part 2: Directory Traversal & Code Injection
Most web vulnerabilities are a result of bad coding habits or lack of PHP security awareness by developers. The source of probably all of them relies in the fact that user input, which plays a critical role in the security of a web application, is…
PHP Security: The Big Picture
Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security always matters. No matter what programming language you use…
Acunetix President’s Club Award Winners
Big congratulations go to our President’s Club Award Winners for the months of February through to November. Awards were presented by CEO Chris Martin, during the annual Christmas Staff party. Paola Monforte Alvarez, Jon Muscat, Eric Brown, Daniel McClean, Damian Fearnley and Jean-Michel Azzopardi –…