The year 2019 has been very exciting for Acunetix with many changes and unprecedented growth. Not only did we unveil the long-awaited Acunetix 360 for our enterprise clients but we also moved to bigger offices and our team grew almost two-fold!
The Acunetix engine has also grown with us, introducing some interesting new features this year, for example, a new scanning algorithm that prioritizes unique pages to identify more vulnerabilities at the early stages of a scan. We have also progressed with our network scanning integration as well as introduced a lot of new tests.
Throughout the year, we have also been providing you with knowledge, interesting news, tips and tricks, and product how-tos. Here are some of our most popular articles and publications for this year.
Fresh From Our Security Researchers
Our security researchers not only look for new vulnerabilities and develop efficient ways to test for vulnerabilities but also share their knowledge with you.
A Fresh Look on Reverse Proxy Related Attacks
In this detailed article, Aleksei Tiurin, our senior security researcher, explains what reverse proxies are, how they work, and how they may be abused.
Bypassing SOP Using the Browser Cache
Aleksei shares some tips and tricks on how the browser cache may be used for web attacks. It seems that what may be considered a safe place to store information is not so safe after all.
What’s Going On in the World
Our team also keeps a finger on the pulse of web security news. When we find an interesting story, we dig deep to find as much information as possible and explain the technicalities.
Mutation XSS in Google Search
In February 2019, security researcher Masato Kinugawa discovered a Cross-site Scripting vulnerability in Google Search! If you can find a vulnerability in the world’s most popular online service, how can you be sure that your service is safe?
XML External Entity Vulnerability in Internet Explorer
XXE vulnerabilities may allow an attacker to steal private data from the user. Such a case was discovered by John Page (hyp3rlinx) in Microsoft Internet Explorer.
Never Stop Learning
Our extensive and deep technical articles that explain vulnerabilities are here to help you learn about the threats and the ways that you can protect yourself from them. They are written for people who want to expand their web security knowledge including developers, who can use them to write better code. Here are the most popular new articles this year:
All That You Need to Know About Man-in-the-Middle Attacks
In this lengthy article, we explain all types of man-in-the-middle attacks. We are proud to say that this is the most extensive article on the subject that you can find online.
What Is HSTS and Why Should I Use It?
HTTP Strict Transport Security is gaining popularity and is very effective in protecting your websites and web applications against certain types of attacks. Learn what HSTS is and how you can use it efficiently.
What Is a Buffer Overflow
Buffer overflow attacks are not as common as SQL Injections or Cross-site Scripting and they don’t affect web applications directly. However, a lot of underlying web-related software is written in low-level languages and is very susceptible to such attacks.
What Is OS Command Injection
OS command injection happens when an attacker injects operating system commands. Such vulnerabilities are not language-specific and may appear in all languages that let you call a system shell command: C, Java, PHP, Perl, Ruby, Python, and more.
Common Password Vulnerabilities and How to Avoid Them
Password security always was and always is a hot topic. Read about current trends and best practices. Learn how to create safe password policies as well as what software and hardware to use to ensure that your passwords are not compromised.
Test Your XSS Skills Using Vulnerable Sites
When you have enough theory and want some practice, have a look at our compiled list of currently available websites where you can try out your own hacking skills. Here’s a list of the 10 best sites to practice XSS.