Acunetix version 12 (build 12.0.190515149 – Windows and Linux) has been released. This new build introduces network scanning in Acunetix on-premise and support for IPv6, improves usage of machine resources, and adds support for Selenium and Burp v2 saved files as import files. There are also…
Configuring Your Web Server to Not Disclose Its Identity
If you are running a web server, it often shows the world what type of server it is, its version number, and the operating system. This information is available in header fields and can be acquired using a web browser to make a simple HTTP…
What Is Persistent XSS
Persistent Cross-site Scripting (Stored XSS) attacks represent one of three major types of Cross-site Scripting. The other two types of attacks of this kind are Non-Persistent XSS (Reflected XSS) and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate…
Why is Source Code Disclosure Dangerous?
Source code often contains some form of sensitive information. It may be configuration-related information (e.g. database credentials) or simply information about how the web application works. If source code files are disclosed, an attacker may potentially use such information to discover logical flaws. This may…
What Is HSTS and Why Should I Use It?
HSTS stands for HTTP Strict Transport Security. It is a method used by websites to declare that they should only be accessed using a secure connection (HTTPS). If a website declares an HSTS policy, the browser must refuse all HTTP connections and prevent users from…
XML External Entity Vulnerability in Internet Explorer
When exploiting a typical XML External Entity (XXE) vulnerability, the attacker attempts to gain access to the content of files on a Web server. However, XXE vulnerabilities may also allow the attacker to steal private data from the user. Such a case was recently discovered…
Bypassing SOP using the browser cache
Misconfigured caching can lead to various vulnerabilities. For example, attackers may use badly configured intermediate servers (reverse proxies, load balancers, or cache proxies) to gain access to sensitive data. Another way to exploit caching is through Web Cache Poisoning attacks. The browser cache may look like…
Visit Us at the Malta A.I. & Blockchain Summit 2019
Acunetix will be exhibiting at the Spring Edition of the Malta A.I. & Blockchain Summit. The event will take place on May 23-24 at the Hilton Business Centre in St. Julian’s in Malta. The summit focuses on AI, Big Data, Blockchain, IoT, and Quantum Technologies…
Session Token in URL Vulnerability
The HTTP protocol and web servers are stateless by nature. This means that there is no way for them to track user activity. The web server treats every request as a new one. For this reason, browsers and web servers need to use session tokens….