To understand how the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols work, you must first understand certain basic concepts. The primary mechanism used by SSL/TLS is asymmetric encryption with cipher suites. These and related terms are explained below. Encryption Encryption is the process…
TLS Security 6: Examples of TLS Vulnerabilities and Attacks
The Secure Sockets Layer (SSL) and the Transport Layer Security (TLS) cryptographic protocols have had their share of flaws like every other technology. The following are major vulnerabilities in TLS/SSL protocols. They all affect older versions of the protocol (TLSv1.2 and older). At the time…
TLS Security 2: A Brief History of SSL/TLS
The Secure Sockets Layer (SSL) protocol was first introduced by Netscape in 1994. The Internet was growing and there was a need for transport security for web browsers and for various TCP protocols. Version 1.0 of SSL was never released because it had serious security…
How to Prevent SQL Injection Vulnerabilities in PHP Applications
SQL Injection (SQLi) is a type of injection attack. An attacker can use it to make a web application process and execute injected SQL statements as part of an existing SQL query. This article assumes that you have a basic understanding of SQL Injection attacks…
New build highlights verified vulnerabilities, checks for Nagios XI RCE, Cisco ISE XSS, Rails File Content Disclosure
Acunetix version 12 (build 12.0.190325161 – Windows and Linux) has been released. This new build indicates which vulnerabilities are verified and includes vulnerability checks for RCE in Nagios XI, XSS in Cisco Identity Service Engine, Rails File Content Disclosure, Apache Solr Deserialization of untrusted data,…
Out-of-band XML External Entity (OOB-XXE)
As with many types of attacks, you can divide XML External Entity attacks (XXE attacks) into two types: in-band and out-of-band. In-band XXE attacks are more common and let the attacker receive an immediate response to the XXE payload. In the case of out-of-band XXE…
What Are XML External Entity (XXE) Attacks
An XML External Entity (XXE) attack (sometimes called an XXE injection attack) is a type of attack that abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service (DoS) as well as access…
How do I check that Acunetix crawled through the entire site?
When using Acunetix to scan for vulnerabilities, it is imperative that all locations are discoverable by DeepScan, as missing even one path will leave your application vulnerable to a potential attack. To check if Acunetix identified all the locations in your application, navigate to Scans…
RSA Conference 2019 Highlights
The Acunetix team has returned from RSA Conference 2019 held once again at the Moscone Business Centre in San Francisco. This week-long conference was attended by security professionals from around the globe. Mark Schembri and Bernhard Abele from the Acunetix Support team and Daniel Sauritch…