In early 2021, attackers infiltrated SolarWinds software used by thousands of major businesses and organizations worldwide. This allowed malicious parties to access data owned by not just SolarWinds but everyone who used the SolarWinds solution. Such attacks are called supply chain attacks and yes, they…
Sensitive data exposure – how breaches happen
The term sensitive data exposure means letting unauthorized parties access stored or transmitted sensitive information such as credit card numbers or passwords. Most major security breaches worldwide result in some kind of sensitive data exposure. Exploiting an attack vector such as a web vulnerability is…
Ad-hoc scanning is not enough
A web vulnerability scanner is usually perceived as an ad-hoc tool. Initially, all vulnerability scanners were such tools and current open-source web application security solutions still follow that model. However, with a major increase in the complexity and availability of web technologies, the ad-hoc model…
Are you afraid of security testing in the SDLC?
Opinion: DevOps are simply afraid of trying something new. They are used to Selenium tests that hog the pipelines and provide hard-to-interpret results but at the same time they often shun DAST testing, which is nowhere near as troublesome. Recently, I had an interesting discussion…
Miscommunication is at the heart of AppSec challenges
Miscommunication breaks things in business. Whether it’s unintentional (based on assumptions) or intentional (driven by political motivations), miscommunication is at the heart of most challenges in business today. In our line of work, there’s hardly any more obvious form of miscommunication than what…
Remote debuggers as an attack vector
Over the course of the past year, our team added many new checks to the Acunetix scanner. Several of these checks were related to the debug modes of web applications as well as components/panels used for debugging. These debug modes and components/panels often have misconfigurations,…
Most common security vulnerabilities – Acunetix Web Application Vulnerability Report 2021
Every year, Acunetix brings you an analysis of the most common web security vulnerabilities and network perimeter vulnerabilities. Our annual Web Application Vulnerability Report (now part of the Invicti AppSec Indicator) is based on real data taken from Acunetix Online. We randomly select websites and…
The importance of web application security for government agencies
The Race to Close Every Gap
Maintaining a solid cybersecurity posture is an uphill battle to close every gap in your defenses even as new threats and attack vectors appear on what seems to be a daily basis. Recent high-profile incidents such as the SolarWinds…
Building DevSecOps when you’re stuck in waterfall development
Software Development in Public Organizations
In a recent survey conducted by the Advanced Technology Academic Research Center (ATARC) in partnership with the U.S. Air Force, federal, state and local government entities were found to use a wide variety of software development methodologies. Only a third…