The recent massive breach of sensitive Ecuador population data is yet another case where no actual hack was involved. The data owner, the Ecuadorian company Novaestrat, simply left an unsecured Elasticsearch database exposed on a publicly accessible server in Miami. The database contained data…
Using Logs to Investigate – SQL Injection Attack Example
A log file is an extremely valuable piece of information that is provided by a server. Almost all servers, services, and applications provide some sort of logging. A log file records events and actions that take place during the run time of a service or…
What Is IAST (Interactive Application Security Testing)
Interactive Application Security Testing (IAST) is a term for tools that combine the advantages of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). It is a generic cybersecurity term coined by Gartner, so IAST tools may differ a lot in their approach…
New build adds ability to scan for latest vulnerabilities, ad-blocking, session headers, and new vulnerability checks
Acunetix version 12 (build 12.0.190927120) has been released. This new build introduces a number of updates including ad-blocking in the scanner resulting in faster scans, support for Session HTTP headers, the ability to run scans for vulnerabilities introduced in the latest Acunetix update, and the…
What Are DNS Zone Transfers (AXFR)
DNS zone transfers using the AXFR protocol are the simplest mechanism to replicate DNS records across DNS servers. To avoid the need to edit information on multiple DNS servers, you can edit information on one server and use AXFR to copy information to other servers….
Global AppSec – DC by OWASP Highlights
At Acunetix we have been busy promoting our latest edition – Acunetix 360 – at various conferences, including the recently held Global AppSec – DC Conference, organized by OWASP Foundation. This comprehensive platform has been specifically designed with enterprise customers in mind. We have noted…
Acunetix Taking Part in the GITEX Technology Week
Acunetix is taking part in the 39th GITEX Technology Week in Dubai, October 6-10, 2019. GITEX Technology Week is considered to be the largest Tech Show in the Middle East, North Africa, and South Asia. It attracts more than 100,000 visitors from 140 countries. At…
Red Team vs. Blue Team Exercises for Web Security
One of the best ways to verify the security posture of a business is to perform a mock attack. This principle is behind the concept of penetration testing (manual mock attack) and vulnerability scanning (automatic mock attack). While penetration tests and vulnerability scans are performed…
Domain Hijacking and Domain Spoofing
The domain name is one of the most valuable assets for a business that has a strong online presence. It is associated with a certain level of trust, and the loss of a domain name can have serious consequences. However, the value of the domain…