The Power of Modern DAST: Miles Technologies

DAST has come a long way from its humble beginnings. Many businesses searching for web application security solutions are still apprehensive of DAST because they perceive it the way it was many years ago. DAST tools are often described as slow, not automated, not integrated,…

Read more

What Is Broken Link Hijacking

Broken link hijacking (BLH) is a type of web attack. It exploits external links that are no longer valid. If your website or web application uses resources loaded from external URLs or points to such resources and these resources are no longer there (for example…

Read more

Exploiting SSTI in Thymeleaf

One of the most comfortable ways to build web pages is by using server-side templates. Such templates let you create HTML pages that include special elements that you can fill and modify dynamically. They are easy to understand for designers and easy to maintain for…

Read more

What Is the POODLE Attack?

The POODLE attack (Padding Oracle on Downgraded Legacy Encryption) exploits a vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability lets an attacker eavesdrop on communication encrypted using SSLv3. The vulnerability is no longer present in the Transport Layer Security protocol (TLS), which is the…

Read more

Why Is Directory Listing Dangerous?

Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. It is dangerous to leave this function turned on for the web server because it leads to information disclosure. For example, when…

Read more