Aleksei Tiurin, Senior Security Researcher for Acunetix joins Paul’s Application Security Weekly show, for a technical segment on reverse proxies using weblogic, Tomcat, and Nginx.
How to Stop Old, Backup and Unreferenced Files from Leaking Sensitive Information
The very real threat of information disclosure by means of inadvertent exposure of sensitive files has been a constant source of woe for corporations and individuals alike. Despite having the potential for serious repercussions including legal ones, many webmasters, administrators and developers have struggled to…
How to Verify a Cross-site Scripting Vulnerability
Analyzing web application vulnerabilities discovered by an automated scanner such as Acunetix often requires us to investigate further. This is in order to: Verify the vulnerability exists in the context of the application. Adjust the vulnerability payload reported by the scanner to something more invasive…
Why Scoping Cookies to Parent Domains is a Bad Idea
When dealing with Web Application vulnerability assessments, it is very common to come across scenarios where for various reasons (business or otherwise) users decide to focus entirely on Medium or High severity vulnerabilities such as SQL Injection and XML External Entity Injection. As a result,…
What is Web Cache Poisoning?
How does Caching work? All forms of Caching in computer science, whether it be CPU cache, HTTP Web Server cache, Database cache and so on, aims to speed up response times for whatever is requested. Doing so helps reduce load as much as possible on…
Paul’s Security weekly Episode: Insecure Deserialization in Java/ JVM
Aleksei Tiurin, Senior Security Researcher at Acunetix, joins Paul’s Security Weekly to talk us through “Insecure Deserialization in JAVA/JVM”! After initial extensive research in 2015, Insecure Deserialization has been a very hot topic in the Java-world. More and more deserialization vulnerabilities are found again and…
How To Clean A Hacked Installation of Nginx
There are literally hundreds of ways to secure & solidify a Nginx server after an attack. But, what does it REALLY need to be cleaned and secure? What are the essential changes you have to make to feel secure again? To answer that question, we’ll have…
Setting Up A Free TLS/SSL Certificate With “Let’s Encrypt”
SSL is short for secure sockets layer, which is an encryption standard that is used to encrypt data going between the browser in the server. In other words, an SSL protects data submitted on your site via visitors and customers. You set up SSL by…
What are the Challenges of Using Open Source Cybersecurity Tools?
By making their source code freely available, developers of open source software rely on the power of the wider community in order to help them audit and improve their code. Not only this but also by involving the wider community of users in the development…