The term JSON injection may be used to describe two primary types of security issues: Server-side JSON injection happens when data from an untrusted source is not sanitized by the server and written directly to a JSON stream. Client-side JSON injection happens when data from…
4 Ways to Combat the Cybersecurity Skills Gap
The lack of cybersecurity talent is nothing new. It’s a problem that all businesses have been facing for several years and it’s getting worse. There have been many proposals on how to narrow the gap, but so far all efforts have been futile. Let’s have…
What Is Session Fixation
Session fixation is a web attack technique. The attacker tricks the user into using a specific session ID. After the user logs in to the web application using the provided session ID, the attacker uses this valid session ID to gain access to the user’s…
What is GHDB (Google Hacking Database)?
The term Google hacking refers to an attack that uses a search engine like Google to find vulnerable web servers and websites. Google hacking is based on inventing specific search queries, often using advanced search operators (such as intitle, inurl, intext, filetype, and more), to locate badly configured…
How I Found an XSS in Google using Acunetix
I’m an independent security researcher and make my living mostly by cashing in on bounties. I use a lot of manual tools but I also find Acunetix very useful. Recently, I found out that Acunetix can even help me find a vulnerability in Google. Here…
What Is Cross-Frame Scripting (XFS)
Cross-Frame Scripting is a web attack technique that exploits specific browser bugs to eavesdrop on the user through JavaScript. This type of attack requires social engineering and completely depends on the browser selected by the user, therefore it is perceived as a minor web application…
Acunetix Grows the Number of Partnerships Across the Globe
One of our key goals at Acunetix is spreading web security awareness. We would be unable to do so without the support of our valuable partners. We currently work with more than 1000 companies all over the world. Our partners help us provide businesses that…
New update includes a new scanning algorithm, support for Spring Framework and new vulnerability checks for Ruby on Rails, Jira, Apache Tapestry, Golang, vBulletin, and others
Acunetix version 12 (build 12.0.191121158) has been released. This new build introduces a new scanning algorithm that removes redundant scanning tasks. In addition, the scanning tasks are prioritized in a way that gives dissimilar locations higher scanning priority, improving the time to detect dissimilar vulnerabilities….
Mobile App Security – Don’t Forget the APIs!
Every year more and more consumers use mobile devices to access online services. This means that every service business, and not only in the case of B2C but also B2B services, must cater to the needs of mobile device owners. However, mobile device users prefer…
What Is Privilege Escalation and How It Relates to Web Security
Privilege escalation, in simple words, means getting privileges to access something that should not be accessible. Attackers use various privilege escalation techniques to access unauthorized resources. For web application security, privilege escalation is an important concern because web intrusions are usually only the first stage…