Domain Fronting is a widely popular technique that is used for evading Firewalls, DPI’s and censors. Domain Fronting takes advantage of legitimate high reputation cloud providers, more specifically, Content Delivery Networks (CDN), for evasion. This technique has been commonly used in the wild to circumvent…
PHP Security Part 3: XSS and Password Storage
When developing a web application, it is extremely important to have security in mind and be aware of the different risks. If one does not know the risks and the mechanics behind each vulnerability, there is no way to protect against it. In Parts 1…
Evolution of the Network Architecture & How It has Affected Security, Part 1
The History of Network Architecture The goal of any network and its underlying infrastructure is simple. It is to securely transport the end user’s traffic to support an application of some kind without any packet drops which may trigger application performance problems. Here a key…
PHP Security Part 2: Directory Traversal & Code Injection
Most web vulnerabilities are a result of bad coding habits or lack of PHP security awareness by developers. The source of probably all of them relies in the fact that user input, which plays a critical role in the security of a web application, is…
PHP Security: The Big Picture
Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security always matters. No matter what programming language you use…
Acunetix President’s Club Award Winners
Big congratulations go to our President’s Club Award Winners for the months of February through to November. Awards were presented by CEO Chris Martin, during the annual Christmas Staff party. Paola Monforte Alvarez, Jon Muscat, Eric Brown, Daniel McClean, Damian Fearnley and Jean-Michel Azzopardi –…
What is Insecure Deserialization?
Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. It also occupies the #8 spot in the OWASP Top…
Off to the Foodbank we go!
This year Acunetix has teamed up with local charity The Foodbank at St.Andrew’s that helps individuals and families in short term crisis, through the provision of emergency food supplies. Acunetix staff collected non-perishable food items and baby products, to be delivered to the Foodbank. All staff…
Online Security: Application Security Testing – Part 2
Part 1 in this series looked at Online Security and the flawed protocols it lays upon. Online Security is complex and its underlying fabric was built without security in mind. Here we shall be exploring aspects of Application Security Testing. We live in a world…