In part 3 of this series, we looked at ways in which a hacker can keep web shells under the radar. In part 4 of this series, we’ll be looking at web shells in action by using Weevely as an example. Weevely is a lightweight…
Web Shell Detection and Prevention (Web Shells Part 5)
In part 4 of this series, we looked at web shells in action by using Weevely as an example. In the final part of this series, we’ll be looking at web shell detection and how to prevent their use. Detection: If an administrator suspects that a…
NoSQL Injections and How to Avoid Them
A NoSQL injection vulnerability is a flaw in a web application that uses a NoSQL database: user-controlled input reaches a database query without adequate validation. This web application security issue lets a malicious party bypass authentication, extract data, modify data, or even gain complete control over the application. NoSQL injection attacks are the result…
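The authentication bypass mentioned above, shown as an added example that is not code from the original post or from Acunetix. It assumes a Node.js login handler whose JSON request body is passed straight into a MongoDB-style query; the users collection, the request bodies and the tiny query matcher that stands in for the database are all constructed here so the block runs offline.

```javascript
// Added example (not from the original post): MongoDB-style operator injection
// against a login handler. A minimal in-memory matcher stands in for the
// database so no MongoDB instance is needed.

// Constructed sample collection. Plaintext passwords are used only to keep the
// demonstration short; a real system stores password hashes.
const users = [
  { username: "alice", password: "hunter2", role: "admin" },
  { username: "bob", password: "letmein", role: "user" },
];

// Subset of MongoDB query semantics: a plain value is an equality test; an
// object whose keys start with "$" is an operator expression.
function fieldMatches(actual, expected) {
  if (expected !== null && typeof expected === "object" && !Array.isArray(expected)) {
    return Object.entries(expected).every(([op, arg]) => {
      switch (op) {
        case "$eq": return actual === arg;
        case "$ne": return actual !== arg;
        case "$gt": return actual > arg;
        case "$regex": return typeof actual === "string" && new RegExp(arg).test(actual);
        default: throw new Error(`unsupported operator ${op}`);
      }
    });
  }
  return actual === expected;
}

function findOne(collection, query) {
  const hit = collection.find(doc =>
    Object.entries(query).every(([field, cond]) => fieldMatches(doc[field], cond)));
  return hit ?? null;
}

// VULNERABLE: the parsed JSON body is dropped straight into the query, so a
// body of {"username":"alice","password":{"$ne":""}} matches alice's document
// without knowing her password.
function loginVulnerable(body) {
  const user = findOne(users, { username: body.username, password: body.password });
  return user ? user.username : null;
}

// HARDENED: only string credentials are accepted, so objects (and therefore
// operator expressions) never reach the query. Coercing with String(...) or
// validating the body against a schema before querying achieves the same.
function loginHardened(body) {
  if (typeof body.username !== "string" || typeof body.password !== "string") {
    return null;
  }
  const user = findOne(users, { username: body.username, password: body.password });
  return user ? user.username : null;
}

// Constructed request bodies, as an Express app using express.json() would see them.
const legit = { username: "alice", password: "hunter2" };
const injected = JSON.parse('{"username":"alice","password":{"$ne":""}}');
const enumerate = JSON.parse('{"username":{"$regex":"^a"},"password":{"$ne":""}}');

console.log(loginVulnerable(legit));     // alice
console.log(loginVulnerable(injected));  // alice  (bypass: password never checked)
console.log(loginVulnerable(enumerate)); // alice  (first account whose name matches ^a)
console.log(loginHardened(injected));    // null
```

The type check is the key control: operator injection needs a nested object in the query, and a body parser that accepts JSON will happily produce one from attacker input. Note that the `$regex` variant also lets an attacker enumerate account names one character at a time without any password at all.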
Scanning OWASP Juice Shop with Acunetix
Juice Shop is an intentionally vulnerable web application developed by OWASP for educational purposes. We will go through the steps of deploying this web application and we will run a scan on it using Acunetix as a DAST (black box) tool. The OWASP Juice Shop…
What is Remote File Inclusion (RFI)?
Using remote file inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible in web applications that dynamically include external files or scripts based on user-controlled input. Potential web security consequences of a successful RFI attack range from sensitive information disclosure and…
Scanning the DVWA Application with Acunetix
DVWA is an intentionally vulnerable web application that you can install on your server to test vulnerability scanners or to practice penetration testing. You may want to use DVWA to test the capabilities of the Acunetix vulnerability scanner and compare it to similar tools. This…
New update introduces support for Swagger 2.0, quarterly scheduled scans, and new vulnerability checks for F5 BigIP iRule, .NET, Oracle E-Business Suite, and others
Acunetix Version 13 build 13.0.200326097 for Windows and Linux has been released. This new build introduces support for Swagger 2.0 and quarterly scheduled scans. In addition, proof of exploit has been implemented for blind SQL Injection vulnerabilities, the scanning engine will now stop and report…
How to Defend against Black Hat Hackers during the COVID-19 Pandemic
Cybercriminals are exploiting the SARS-CoV-2 coronavirus outbreak and the COVID-19 illness it causes. Both businesses and private users have become major cyberattack targets because of the chaos and panic surrounding the pandemic. Here is what we believe organizations should do to maintain a high…
What Are Insecure Direct Object References
Insecure direct object reference (IDOR) is a cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks. For example, an IDOR vulnerability would happen if the…
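The missing authorization check described above, as an added example that is not code from the original post or from Acunetix. It assumes a Node.js endpoint that looks up an order by the numeric id taken from the URL; the order store, the session shape and the user ids are constructed for the demonstration.

```javascript
// Added example (not from the original post): an order lookup that trusts the
// id from the URL versus one that also verifies ownership.

// Constructed order store: order id -> record, with the owning user's id.
const orders = new Map([
  [1001, { id: 1001, ownerId: 7, total: 42.0 }],
  [1002, { id: 1002, ownerId: 8, total: 99.5 }],
]);

class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// VULNERABLE: authentication is checked, authorization is not. Any logged-in
// user can walk /orders/1001, /orders/1002, ... and read everyone's orders.
function getOrderVulnerable(session, orderId) {
  if (!session || !session.userId) throw new HttpError(401, "login required");
  const order = orders.get(orderId);
  if (!order) throw new HttpError(404, "not found");
  return order;
}

// HARDENED: the object is returned only if it belongs to the caller. Answering
// 404 rather than 403 for another user's id avoids confirming that it exists.
function getOrderHardened(session, orderId) {
  if (!session || !session.userId) throw new HttpError(401, "login required");
  const order = orders.get(orderId);
  if (!order || order.ownerId !== session.userId) throw new HttpError(404, "not found");
  return order;
}

// Returns the HTTP status a handler call would produce, so outcomes are easy to compare.
function statusOf(handler, session, orderId) {
  try {
    handler(session, orderId);
    return 200;
  } catch (e) {
    if (e instanceof HttpError) return e.status;
    throw e;
  }
}

// Constructed session for user 8 (bob), who owns order 1002 but not 1001.
const bobSession = { userId: 8 };

console.log(statusOf(getOrderVulnerable, bobSession, 1001)); // 200  (IDOR: bob reads user 7's order)
console.log(statusOf(getOrderHardened, bobSession, 1001));   // 404
console.log(statusOf(getOrderHardened, bobSession, 1002));   // 200
console.log(statusOf(getOrderHardened, null, 1002));         // 401
```

The fix is an ownership comparison on every object fetch, not a hidden or randomized id: sequential ids are harmless when the check is present, and unguessable ids are still leaked through logs, referrers and shared links when it is absent.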