How to Prevent DOM-based Cross-site Scripting

DOM-based Cross-site Scripting (from now on called DOM XSS) is a very particular variant of the Cross-site Scripting family and in web application development is generally considered the amalgamation of the following: The Document Object Model (DOM) – a standard way to represent HTML objects (e.g. <div></div>) in a hierarchical manner. Cross-site Scripting […]

What is Password Reset Poisoning?

Most web application security vulnerabilities leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability; it leverages commonly overlooked headers, such as the Host header seen in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice the difference where we specify the host […]

A Security-focused Introduction to HTTP, Part 2

This is the second part of a two-part series on HTTP basics. In this second part, we cover several attributes of the HTTP protocol, such as encoding, HTTP headers and authentication, in more detail. Query strings The query string is defined using the question mark (?) character after the URL within an HTTP request. […]

What is a “Target”?

A Target is a web site, web application, server or network device that you would like to scan for security vulnerabilities using Acunetix. For licensing purposes, the following rules apply: Localhost and 127.0.0.1 consume 1 Target; Domain.com and www.domain.com count as 1 Target; Https and http count as 1 Target; Sub-domains are different targets (e.g. […]

Domain Hijacking a.k.a. Domain Spoofing

Domain hijacking, or domain spoofing, is a type of attack whereby an organization’s domain is stolen by changing the registration of a domain name without prior authorization of the domain’s owner. Domain hijacking typically occurs with the intention of associating malicious content or phishing websites with a trusted, and otherwise legitimate, domain. Domain hijacking typically […]

What is Cryptojacking?

Cryptocurrencies have taken the world by storm in the past few years, making it hard to miss all the buzz around Bitcoin and Blockchain technology. While cryptocurrencies are far from new to cybercriminals, cryptojacking opens up new ways attackers can easily monetize compromised websites without the need to distribute malware. For the uninitiated, cryptocurrencies […]

What are DNS zone transfers (AXFR)?

DNS (Domain Name System) is one of the many systems that keep the Internet humming and is responsible for resolving human-readable hostnames into machine-readable IP addresses. DNS servers host what are known as zones. A DNS zone is a portion of the domain name space that is served by a DNS server, and will contain […]
