The National Homeland Security Conference is sponsored by the United States National Homeland Security Association. The conference has been organized annually in various US locations since 2005. Its goal is to enable local homeland security and emergency management professionals to exchange information on anything related to…
Preventing NTP Reflection Attacks
The Network Time Protocol (NTP) is the standard protocol for time synchronization in the IT industry. It is widely used by servers, mobile devices, endpoints, and network devices, irrespective of their vendor. The latest version of NTP (version 4) is defined in RFC 5905. The…
Acunetix Vulnerability Scanner Now With Network Security Scans
Seamless OpenVAS integration now also available on Windows and Linux. London, UK – May 2019 – Acunetix, the pioneer in automated web application security software, has announced that Premium versions of the Acunetix Vulnerability Scanner now support network security scanning. Network security scans are possible…
New build includes new Network Scanning integration, IPv6 support, improved resource usage and many new vulnerability checks
Acunetix version 12 (build 12.0.190515149 – Windows and Linux) has been released. This new build introduces network scanning in Acunetix on-premise, support for IPv6, improves usage of machine resources and adds support for Selenium and Burp v2 saved files as import files. There are also…
Configuring Your Web Server to Not Disclose Its Identity
If you are running a web server, it often shows the world what type of server it is, its version number, and the operating system. This information is available in header fields and can be acquired using a web browser to make a simple HTTP…
What Is Persistent XSS
Persistent Cross-site Scripting (Stored XSS) attacks represent one of three major types of Cross-site Scripting. The other two types of attacks of this kind are Non-Persistent XSS (Reflected XSS) and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate…
Why is Source Code Disclosure Dangerous?
Source code often contains some form of sensitive information. It may be configuration-related information (e.g. database credentials) or simply information about how the web application works. If source code files are disclosed, an attacker may potentially use such information to discover logical flaws. This may…
What Is HSTS Used for? – problems, errors, fixes
HSTS stands for HTTP Strict Transport Security. It is a method used by websites to declare that they should only be accessed using a secure connection (HTTPS). If a website declares an HSTS policy, the browser must refuse all HTTP connections and prevent users from…
XML External Entity Vulnerability in Internet Explorer
When exploiting a typical XML External Entity (XXE) vulnerability, the attacker attempts to gain access to the content of files on a Web server. However, XXE vulnerabilities may also allow the attacker to steal private data from the user. Such a case was recently discovered…