Acunetix Vulnerability Scanner Now Also on Linux

Linux platform improves reliability, security and performance

November 2018, London, UK – Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix for Linux. Known to be reliable, cost effective and secure, Linux is the server operating system of choice for many large organisations including Facebook, Twitter and Google. Acunetix […]


How to Prevent DOM-based Cross-site Scripting

DOM-based Cross-site Scripting (from now on called DOM XSS) is a very particular variant of the Cross-site Scripting family and in web application development is generally considered the amalgamation of the following:

The Document Object Model (DOM) – acting as a standard way to represent HTML objects (e.g. <div></div>) in a hierarchical manner.

Cross-site Scripting […]


What is Password Reset Poisoning?

Most web application security vulnerabilities leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability: it leverages headers that are commonly overlooked, such as the Host header seen in an HTTP request:

    GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1
    Host: evilhost.com

Notice the difference where we specify the host […]


New build adds detection for CSP, SRI, Node.js source disclosure and Ghostscript RCE vulnerabilities

Acunetix version 12 (build 12.0.181012141) has been released. This new build reports sites that do not implement Content Security Policy (CSP) or Subresource Integrity (SRI) and detects Node.js source disclosure, Ghostscript RCE, SSRF in Paperclip and other vulnerabilities. This new build has a good number of updates and some important fixes. Below is a full […]


Better Web-Pentesting in Windows with AHK

Recently, I have moved to Malta. It’s quite hot here, but as I’m from a colder country, I like it very much. Actually, I’m obsessed with everything hot, including hotkeys! Every pentester / researcher / bugbounter / etc. has their own approach to doing things in their own work environment. So in this article I’m not […]
