Deserialization Vulnerabilities: Attacking Deserialization in JS

At the ZeroNights 2017 conference, I spoke about “Deserialization vulnerabilities in various languages”. For my presentation, I used an interesting article about two serialization packages of Node.js. I showed them as examples of vulnerable implementations of deserialization processes. In this post, I’d like to show the results of my own research and a new approach to attacking […]

What’s new in Acunetix v12

Hot on the release of Acunetix v12, check out what’s NEW in this brief presentation highlighting: scan speed of up to 2X faster; support for the latest JavaScript technologies (ES7); a new AcuSensor for Java web applications; pause and resume scan functionality; exclusion of specific paths in the site’s structure directly from the UI; inclusion of password […]

Virginia scanning program (VITA) uses Acunetix to slash vulnerabilities in web apps

The Virginia Information Technologies Agency (VITA) announced that it cut the number of high-risk vulnerabilities affecting its web applications by 30 percent in one year by implementing a vulnerability-scanning program that includes the use of Acunetix. VITA’s Web Application Vulnerability Scanning Program, implemented in 2016, uses Acunetix to check more than 1,600 public-facing web applications […]

Recommendations for TLS/SSL Cipher Hardening

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are widely used protocols designed to secure the transfer of data between the client and the server through authentication, encryption and integrity. Contrary to common assumptions, TLS/SSL is not only a widely used technology in websites and web applications (using the HTTP protocol), but […]

Sail Smooth with Cloud Threats, Part 2 – Cloud APIs

This is part 2 of a two-part series that continues to discuss cloud threats and how they affect web applications in the cloud. The following addresses insecure APIs and the management plane, deepening the threat landscape. Management Plane – Security Perspective: The cloud API management plane is one of the most significant differences between traditional computing […]

Domain Hijacking a.k.a. Domain Spoofing

Domain hijacking, or domain spoofing, is a type of attack whereby an organization’s domain is stolen by changing the registration of a domain name without prior authorization of the domain’s owner. Domain hijacking typically occurs with the intention of associating malicious content or phishing websites with a trusted and otherwise legitimate domain. Domain hijacking typically […]

GDPR: Data Controllers Be Prepared

As we delve deeper into the digital world of communication, from the perspective of privacy, the impact of personal data changes in proportion to the way we examine security. As organizations join this world, the usual methods that were employed to protect data have become obsolete. This forces security professionals to shift […]