The term cookie poisoning is used in different contexts to describe attacks that aim to manipulate, intercept, or forge the content of HTTP cookies. Cookie poisoning attacks are different types of attacks that can affect both the client-side application, data transmission, or the web server….
How and Why to Avoid Unvalidated Redirects and Forwards?
Unvalidated redirects and forwards cannot harm your website or web application but they can harm your reputation by helping attackers lure users to malware sites. If you allow unvalidated redirects and forwards, your website or web application will most probably be used in phishing scams….
What Is Integer Overflow? – Consequences & Prevention
An integer overflow is a type of an arithmetic overflow error when the result of an integer operation does not fit within the allocated memory space. Instead of an error in the program, it usually causes the result to be unexpected. Integer overflows have been…
Top 10 Acunetix Blog Posts in 2019
The year 2019 has been very exciting for Acunetix with many changes and unprecedented growth. Not only did we unveil the long-awaited Acunetix 360 for our enterprise clients but we also moved to bigger offices and our team grew almost two-fold! The Acunetix engine has…
What Are JSON Injections
The term JSON injection may be used to describe two primary types of security issues: Server-side JSON injection happens when data from an untrusted source is not sanitized by the server and written directly to a JSON stream. Client-side JSON injection happens when data from…
What Is Session Fixation
Session fixation is a web attack technique. The attacker tricks the user into using a specific session ID. After the user logs in to the web application using the provided session ID, the attacker uses this valid session ID to gain access to the user’s…
How I Found an XSS in Google using Acunetix
I’m an independent security researcher and make my living mostly by cashing in on bounties. I use a lot of manual tools but I also find Acunetix very useful. Recently, I found out that Acunetix can even help me find a vulnerability in Google. Here…
What Is Cross-Frame Scripting (XFS)
Cross-Frame Scripting is a web attack technique that exploits specific browser bugs to eavesdrop on the user through JavaScript. This type of attack requires social engineering and completely depends on the browser selected by the user, therefore it is perceived as a minor web application…
Mobile App Security – Don’t Forget the APIs!
Every year more and more consumers use mobile devices to access online services. This means that every service business, and not only in the case of B2C but also B2B services, must cater to the needs of mobile device owners. However, mobile device users prefer…