Linux platform improves reliability, security and performance November 2018, London, UK – Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix for Linux. Known to be reliable, cost effective and secure, Linux is the server operating system of choice for many large organisations including Facebook, Twitter and Google. Acunetix […]
How to Prevent DOM-based Cross-site Scripting
DOM-based Cross-site Scripting (from now on called DOM XSS) is a very particular variant of the Cross-site Scripting family and in web application development is generally considered the amalgamation of the following: The Document Object Model (DOM) – Acting as a standard way to represent HTML objects (i.e. <div></div>) in a hierarchical manner. Cross-site Scripting […]
What is Password Reset Poisoning?
Most of web application security vulnerabilities, leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability, that leverages commonly unthought of headers, such as the Host header seen in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice the difference where we specify the host […]
Setting Up A Free TLS/SSL Certificate With “Let’s Encrypt”
SSL is short for secure sockets layer, which is an encryption standard that is used to encrypt data going between the browser in the server. In other words, an SSL protects data submitted on your site via visitors and customers. You set up SSL by adding an SSL certificate to your domain and that switches […]
What are the Challenges of Using Open Source Cybersecurity Tools?
By making their source code freely available, developers of open source software rely on the power of the wider community in order to help them audit and improve their code. Not only this but also by involving the wider community of users in the development of software, a broader spectrum of ideas is put forward […]
Hack Naked News Episode: British Airways and NewEgg Hacks
Juxin Dyrmishi Brigjaj Developer at Acunetix, joins Paul at SecurityWeekly for an expert commentary on Hack Naked News programme. Juxhin talks about the resurgence of XSS after the big British Airways and NewEgg Hack! Watch the clip below to find out how these hacks could have been avoided.
New build adds detection for CSP, SRI, Node.js source disclosure and Ghostscript RCE vulnerabilities
Acunetix version 12 (build 12.0.181012141) has been released. This new build reports sites that do not implement Content Security Policy (CSP) or Subresource Integrity (SRI) and detects Node.js source disclosure, Ghostscript RCE, SSRF in Paperclip and other vulnerabilities. This new build has a good number of updates and some important fixes. Below is a full […]
Acunetix v12 Review for Enterprise Customers on Firewall.cx
Firewall.cx first began its journey with Acunetix almost 12 years ago with its standalone Windows 98 program. The reviewer notes that the distance the web vulnerability scanner has come since then is “truly immeasurable”, managing to keep up with the competition as other companies have failed. In this detailed review, the reviewer describes the product […]
How To Protect Your Website Against A Cross-Site Scripting (XSS) Attack
One of the most common methods that hackers use/will use to attack your website is a cross-site scripting (XSS) attack. Basically, an XSS attack is where a hacker will take advantage of an XSS vulnerability to execute a malicious JavaScript when users visit your website. The consequences of an XSS attack can be very drastic, […]
Better Web-Pentesting in Windows with AHK
Recently, I have moved to Malta. It’s quite hot here, but as I’m from colder country, I like it very much. Actually, I’m obsessed with everything hot, including hotkeys! Every pentester / researcher / bugbounter / etc has their own approach to doing things in their own work environment. So in this article I’m not […]