What is XML External Entity (XXE)? XML External Entity Injection is often referred to as a variant of Server-Side Request Forgery (SSRF). XXE leverages language parsers that parse the widely used data format XML, which is used in a number of common scenarios such as SOAP &…
Multi-Cloud Design: The Priority Focus Should be on Application Security, Part 1
This is part 1 of a two-part series that discusses the risks to application security in the new multi-cloud environments. This part introduces cloud threats to the application, the different cloud types and finally the latest multi-cloud design. Introduction The World Wide…
European Credential Theft Boom: How You Can Stay Safe
Credential theft has been a cyber-criminal staple since the early days of computing. While there have been fewer cases in the US over the past year, according to data from Blueliv, we have seen a 39% spike in Europe. This massive rise should be alarming…
What is the cost of a data breach?
If your company isn’t taking important steps to protect against a potential data breach, it might be time to worry – attacks on businesses and organizations are increasing, and so are their costs. According to a new study by the Ponemon Institute, an average cost…
Deserialization vulnerabilities: attacking deserialization in JS
At the ZeroNights 2017 conference, I spoke about “Deserialization vulnerabilities in various languages”. For my presentation, I used an interesting article about two serialization packages of Node.js. I showed them as examples of vulnerable implementations of deserialization processes. In this post, I’d like to show results…
What’s new in Acunetix v12
Hot on the release of Acunetix v12, check out what’s NEW in this brief presentation highlighting: scan speed of up to 2X faster; support for the latest JavaScript technologies (ES7); new AcuSensor for Java web applications; Pause and Resume scan functionality; exclusion of specific paths in…
Preparing for Artificial Intelligence (AI) DDOS Attacks, Part 2
This is part 2 of a two-part series that discusses the evolution from human to machine-based DDoS attacks. It specifically delves into how to prepare for such attacks while keeping false positives and false negatives at an industry-standard low. The Evolution of DDoS In the…
Artificial Intelligence (AI) used in DDOS Attacks, Part 1
This is part 1 of a two-part series that discusses the use of Artificial Intelligence (AI) to compromise web applications. This part introduces the concept of AI and its use for destruction by cybercriminals. The speed at which cybersecurity has evolved over the last decade…
Virginia scanning program (VITA) uses Acunetix to slash vulnerabilities in web apps
The Virginia Information Technologies Agency (VITA) announced that it cut the number of high-risk vulnerabilities affecting its web applications by 30 percent in one year by implementing a vulnerability-scanning program that includes the use of Acunetix. VITA’s Web Application Vulnerability Scanning Program, implemented in 2016,…