In recent years, several researches have been published about attacks deliberately or directly related to reverse proxies. While implementing various reverse-proxy checks on the scanner, I started analyzing implementations of reverse proxies. Initially, I wanted to analyze how both reverse proxies and web servers parse…
Scanning applications that make use of Single Sign-On (SSO)
Single Sign-On (SSO) is a service which allows users to have one set of login credentials to access multiple web applications. SSO allows a user to log in once and gain access to various applications, without the need to re-enter login credentials at each application….
Application Security Weekly: Reverse Proxies Using Weblogic, Tomcat, and Nginx
Aleksei Tiurin, Senior Security Researcher for Acunetix joins Paul’s Application Security Weekly show, for a technical segment on reverse proxies using weblogic, Tomcat, and Nginx.
How to Stop Old, Backup and Unreferenced Files from Leaking Sensitive Information
The very real threat of information disclosure by means of inadvertent exposure of sensitive files has been a constant source of woe for corporations and individuals alike. Despite having the potential for serious repercussions including legal ones, many webmasters, administrators and developers have struggled to…
How to Verify a Cross-site Scripting Vulnerability
Analyzing web application vulnerabilities discovered by an automated scanner such as Acunetix often requires us to investigate further. This is in order to: Verify the vulnerability exists in the context of the application. Adjust the vulnerability payload reported by the scanner to something more invasive…
Session Detection: What to do if the LSR fails to identify a session pattern
Session Detection is the final step in the configuration of the Login Sequence Recorder (LSR). A valid Session Pattern is vital for a successful scan, as with it the scanner is able to identify whether it is authenticated or not. During a scan, the session…
Aleksei Tiurin Speaker at the OWASP Malta Chapter Meeting
Aleksei “GreenDog” Tiurin, Senior Security Researcher at Acunetix was one of the speakers at this year’s OWASP Malta Chapter held on Wednesday 19th December 2018. His lecture entitled “Reverse Proxies & Inconsistency” looked at the general processes and intricacies of proxy operations, while demonstrating the examples…
Happy Holidays from the Acunetix Team
May we take this opportunity to wish all our customers, partners and friends all the very best for 2019! At Acunetix Christmas is a special time for all departments to get together and enjoy a festive meal. Meanwhile the Development Team have kept up their…
New build checks for vulnerabilities in Apache products, Coldfusion, ACME mini_httpd and Spring Security
Acunetix version 12 (build 12.0.181218140 – Windows and Linux) has been released. This new build checks for vulnerabilities in Apache Solr, Apache mod_jk, Coldfusion, ACME mini_httpd, Spring Security. The new build also includes a number of updates and important fixes. The new vulnerability checks, updates…