Path Traversal or as it is otherwise known, Directory Traversal, refers to an attack through which an attacker may trick a web application into reading and subsequently divulging the contents of files outside of the document root directory of the application or the web server….
What Is Same-Origin Policy
Same-Origin Policy (SOP) is a rule enforced by web browsers, which controls access to data between websites and web applications. Without SOP, any web page would be able to access the DOM of other pages. This would let it access potentially sensitive data from another…
Acunetix Supports a Well-Being Initiative by YMCA Malta
As a means to raise awareness about emotional well-being as well as to promote YMCA’s free psychotherapeutic and counseling services, YMCA’s ‘Know Your Wellbeing’ yoga sunset session was successfully held with over 50 participants, an amazing sunset, and the quietness of the sea on a…
Government-in-the-Middle and Its Consequences
In late July, the government of Kazakhstan attempted to perform a mass man-in-the-middle attack on Kazakh citizens. Users of all Kazakh mobile networks were asked to install a government-issued CA certificate to continue using selected sites such as Google services, Facebook, and Instagram. Under global…
New build includes support for OpenSearch and detects vulnerabilities in Oracle BI, Jira, Apache Spark, and Python Code Injection
Acunetix version 12 (build 12.0.190827161) has been released. This new build introduces a number of updates including support for OpenSearch, support for base64 encoded JSON inputs, and discovery and testing of hidden parameters. In addition, new vulnerability checks have been developed for Oracle Business Intelligence,…
How To Prevent DOM-based Cross-site Scripting
DOM-based Cross-site Scripting (DOM XSS) is a particular type of a Cross-site Scripting vulnerability. It uses the Document Object Model (DOM), which is a standard way to represent HTML objects in a hierarchical manner. As with all other Cross-site Scripting (XSS) vulnerabilities, this type of…
What Is a Reverse Shell
To gain control over a compromised system, an attacker usually aims to gain interactive shell access for arbitrary command execution. With such access, they can try to elevate their privileges to obtain full control of the operating system. However, most systems are behind firewalls and…
Black Hat USA 2019 Highlights
The Acunetix team has returned from the Black Hat USA 2019 Conference held at the Mandalay Bay, Las Vegas, on August 7-8, 2019. The conference welcomed over 20,000 security professionals from around the world. The Acunetix team held a number of product demos to introduce…
How to Prevent Blind SQL Injections: The Basics
Blind SQL Injections are a subtype of SQL Injection vulnerabilities. Exploiting Blind SQL Injections is more difficult and more time consuming for the attacker but the consequences to web application security are similar. Successful exploitation of the database query language gives the attacker control over…