Three Internet giants: Mozilla, Google, and Cloudflare, are taking steps towards securing the DNS protocol for browser users. However, the DoH (DNS over HTTPS) standard will make it difficult to supervise the domains that users connect to. This causes increasing controversies, especially in the United…
Clickjacking – What Is It and How To Defend Yourself
In a clickjacking attack, the user is tricked into interacting with a UI element that they do not see. The attacker designs a malicious page with carefully positioned visual elements. The user is lured into clicking on these elements but, in reality, unknowingly clicks on…
Billions of IoT User Records Leaked via an Unprotected Database
ORVIBO, a Chinese manufacturer of smart home devices, left an unprotected Elasticsearch database accessible online through a web interface with no authentication. The database contained more than 2 billion user records representing more than a million users of ORVIBO smart home devices worldwide. The database…
Insecure Default Password Hashing in CMSs
Christoforos Ntantogian, Stefanos Malliaros, and Christos Xenakis from the Department of Digital Systems in the University of Piraeus (Greece) conducted research on password hashing in open-source web platforms including the most popular content management systems (CMS) and web application frameworks. The results published in their…
What Is OS Command Injection
OS command injection (operating system command injection or simply command injection) is a type of an injection vulnerability. The payload injected by the attacker is executed as operating system commands. OS command injection attacks are possible only if the web application code includes operating system…
What Are Email Injection Attacks
It is common practice for web pages and web applications to implement contact forms, which in turn send email messages to the intended recipients. Most of the time, such contact forms set headers. These headers are interpreted by the email library on the web server…
Current Cybersecurity Market Strong: What’s Driving It?
Cybersecurity is a big business and it’s going to get bigger. Individual users, small business owners, and IT professionals at international corporations know that threats occur every day. Staying ahead of those threats is the only way to protect proprietary data, network integrity, and network…
REST API Security Testing with Acunetix
Security vulnerabilities in RESTful APIs (Application Programming Interfaces) introduce the same risks as security issues in websites and other web applications: sensitive data theft, manipulation, and more. Therefore, it is very important to know how to test them efficiently. However, some characteristics of REST APIs…
Test Your XSS Skills Using Vulnerable Sites
Finding and proving application security vulnerabilities requires a lot of skill. However, many of them are easy to exploit. If you want to write better code, you should know how others may prey on your mistakes. We compiled a Top-10 list of web applications that…