Author Archives Tomasz Andrzej Nidecki

THE AUTHOR

Tomasz Andrzej Nidecki
Principal Cybersecurity Writer

Tomasz Andrzej Nidecki (also known as tonid) is a Primary Cybersecurity Writer at Invicti, focusing on Acunetix. A journalist, translator, and technical writer with 25 years of IT experience, Tomasz has been the Managing Editor of the hakin9 IT Security magazine in its early years and used to run a major technical blog dedicated to email security.

What Is SEO Poisoning (Search Engine Poisoning)

Web Security Zone | October 29, 2019 by Tomasz Andrzej Nidecki

Search engine optimization poisoning (SEO poisoning) is a term used to describe two types of activities: Illegitimate techniques used to achieve high search engine ranking, usually (but not only) to attack visitors Exploiting vulnerabilities on existing high-ranking web pages and using them to spread malware…

What Is DNS Cache Poisoning

Web Security Zone | October 15, 2019 by Tomasz Andrzej Nidecki

DNS cache poisoning is a type of DNS spoofing attack where the attacker stores fake data in a DNS resolver cache. All clients that use this DNS cache receive such fake data. It can be used for very effective phishing attacks (often called pharming) and…

Cybersecurity Trends 2019 – Web Security

Web Security Zone | October 8, 2019 by Tomasz Andrzej Nidecki

The year 2019 so far has seen its share of major security and data breaches. Unsurprisingly, they were not caused by new cybercriminal techniques but by the same ones that have plagued information security for up to two decades. Social engineering and cyberattacks on web…

Data Breaches Due to Exposed Databases

Web Security Zone | October 7, 2019 by Tomasz Andrzej Nidecki

The recent massive breach of sensitive Ecuador population data is yet another case, where there was no actual hack involved. The data owner, an Ecuadorian company Novaestrat, simply left an unsecured Elasticsearch database exposed on a publicly accessible server in Miami. The database contained data…

What Is IAST (Interactive Application Security Testing)

Web Security Zone | October 1, 2019 by Tomasz Andrzej Nidecki

Interactive Application Security Testing (IAST) is a term for tools that combine the advantages of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). It is a generic cybersecurity term coined by Gartner, so IAST tools may differ a lot in their approach…

What Are DNS Zone Transfers (AXFR)

Web Security Zone | September 26, 2019 by Tomasz Andrzej Nidecki

DNS zone transfers using the AXFR protocol are the simplest mechanism to replicate DNS records across DNS servers. To avoid the need to edit information on multiple DNS servers, you can edit information on one server and use AXFR to copy information to other servers….

Red Team vs. Blue Team Exercises for Web Security

Web Security Zone | September 17, 2019 by Tomasz Andrzej Nidecki

One of the best ways to verify the security posture of a business is to perform a mock attack. This principle is behind the concept of penetration testing (manual mock attack) and vulnerability scanning (automatic mock attack). While penetration tests and vulnerability scans are performed…

Domain Hijacking and Domain Spoofing

Web Security Zone | September 12, 2019 by Tomasz Andrzej Nidecki

The domain name is one of the most valuable assets for a business that has a strong online presence. It is associated with a certain level of trust and a loss of a domain name can have serious consequences. However, the value of the domain…

What Is Same-Origin Policy

Web Security Zone | September 10, 2019 by Tomasz Andrzej Nidecki

Same-Origin Policy (SOP) is a rule enforced by web browsers, which controls access to data between websites and web applications. Without SOP, any web page would be able to access the DOM of other pages. This would let it access potentially sensitive data from another…

Take action and discover your vulnerabilities