What Are Injection Attacks

Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to a program. This input gets processed by an interpreter as part of a command or query. In turn, this alters the execution of that program. Injections are amongst the oldest and most dangerous attacks aimed […]


What is Code Injection

Code Injection or Remote Code Execution (RCE) enables the attacker to execute malicious code as a result of an injection attack. Code Injection attacks are different from Command Injection attacks. Attacker capabilities depend on the limits of the server-side interpreter (for example, PHP, Python, and more). In some cases, an attacker may be able to […]


Mutation XSS in Google Search

Are you sure that your website is safe from Cross-site Scripting if Google Search was not for five months? On September 26, 2018, one of the developers working on the open-source Closure library (originally created by Google and used in Google Search) created a commit that removed part of input sanitization. Supposedly, this was because […]


Recommendations for TLS/SSL Cipher Hardening

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are widely used protocols. They were designed to secure the transfer of data between the client and the server through authentication, encryption, and integrity protection. TLS/SSL technology is commonly used in websites and web applications together with the HTTP protocol. It is also used […]


Migrating Acunetix On-Premise to Another Server

This article explains the steps that you should take to migrate Acunetix On-Premise to another server while keeping the configuration and reports intact. This process applies to Microsoft Windows installations. Before you start the migration process, make sure to back up your Acunetix installation. You can find more information about how to back up Acunetix configuration […]


TLS Security 1: What Is SSL/TLS

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic security protocols. They are used to make sure that network communication is secure. Their main goals are to provide data integrity and communication privacy. The SSL protocol was the first protocol designed for this purpose and TLS is its successor. SSL is now considered […]


What is Remote File Inclusion (RFI)?

Using Remote File Inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts. Potential consequences of a successful RFI attack range from sensitive information disclosure and Cross-site Scripting (XSS) to Remote Code Execution. Remote File Inclusion attacks usually […]


TLS Security 5: Establishing a TLS Connection

The process of establishing a secure SSL/TLS connection involves several steps. SSL/TLS security protocols use a combination of asymmetric and symmetric encryption. The client and the server must negotiate the algorithms used and exchange key information. For the purpose of explaining this complex process, we use a TLS 1.2 connection, not the most recent TLS […]
