On December 10, 2021, a serious vulnerability was discovered in the Apache Log4j framework, which is commonly used by most Java installations. The vulnerability, dubbed Log4Shell or LogJam, was identified in the NVD as CVE-2021-44228 and, to quote one of Acunetix original creators and primary…
How Acunetix addresses HTTP/2 vulnerabilities
In the latest release of Acunetix, we added support for the HTTP/2 protocol and introduced several checks specific to the vulnerabilities associated with this protocol. For example, we introduced checks for misrouting, server-side request forgery (SSRF), and web cache poisoning. In this article, we’d like…
Secure coding practices – the three key principles
All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of…
Code security is not enough!
Recently, I came across an article that referred to web application security as code security and I hope it was just a slip of the tongue. If you really think web application security is the same as code security, you are leaving a gaping hole…
What is website security – how to protect your website from hacking
You protect your every office computer with an antivirus. You install firewalls to prevent unwanted access to your network. But what do you do to secure your website? And what can happen if it’s not secured? This article is aimed at website owners that are…
You are the only one who can secure and protect your web applications
Security-related vocabulary includes a lot of words with imprecise meanings. Two such terms that give me a headache when used in the web application security context are the verbs to secure and to protect. But this headache is nothing compared to the one I get…
What government agencies need to know about CISA’s new Binding Operational Directive
The Cybersecurity and Infrastructure Security Agency (CISA) is reinforcing the nation’s cybersecurity efforts by announcing a new Binding Operational Directive (BOD) related to common vulnerabilities and exposures. Also referred to as CVEs, these publicly disclosed flaws in software open doors that attackers are able to…
Make your users part of the web security solution
Around the world today, we’re seeing instances of people being either part of the solution or part of the problem. In the context of information security, it seems we mostly witness people being part of the problem. But there’s often little discussion about people being…
Webcast Recap: Unlocking your AppSec future
There’s a progress problem in application security (AppSec). According to Cloud Security Alliance, the number of global web apps doubled in the last five years from 863 million in 2015 to 1.9 billion in 2020. Yet at the same time, developers and security practitioners are…