Non-Persistent cross-site scripting or non-persistent XSS, also known as Reflected XSS, is one of the three major categories of XSS attacks, the others are; persistent (or Stored) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s browser trust in a legitimate,…
ClickJacking and Blind XSS
What you see is NOT what you get! In essence, ClickJacking (or UI redressing) is a technique used by attackers to trick users into clicking on malicious web pages that they wouldn’t have accessed otherwise, by overlaying them on apparently legitimate web pages and hiding…
Acunetix Wins WindowSecurity.com Readers’ Choice Award
Acunetix WVS was selected as the 2014 Readers’ Choice Award winner in the Web Application Security category. IT consultants, IT managers, and Network and System Administrators alike voted for Acunetix WVS as their top choice for Web Application Security. WindowSecurity.com is a Microsoft Windows Security resource site, with…
Universal Cross-site Scripting (UXSS): The Making of a Vulnerability
What is Universal Cross-site Scripting (UXSS)? Common cross-site scripting (XSS) attacks target websites or web applications that are vulnerable to XSS, because of inadequate development of client-side or server-side code. These attacks have the vulnerable web page as main prerequisite, and their effect is always…
Top Targets of Blind XSS
Web-based security threats are a popular topic and you can easily find related information, including on cross-site scripting and one of its important flavors, Blind XSS. However, although this information is usually delivered at a high level of detail, the description of the possible targets…
Acunetix Launch Online Vulnerability Scanner
MALTA, March 6, 2014 — Acunetix today announced the launch of Online Vulnerability Scanner. Combining the benefits of an online solution with Acunetix’ advanced scanning and crawling technology, Acunetix OVS is meant for businesses of any size that want to protect their critical websites, web…
7 Sure-fire Ways to Get Your Website Hacked
Hackers exploit vulnerable systems – and unprepared individuals – to access trade and commercial secrets, damage or gain control of national assets of strategic importance, publicly embarrass top brands, and wreak general havoc with considerable financial, social and economic repercussions. Yet, notwithstanding the barrage of…
The Chronicles of DOM-based XSS
A brief overview of DOM-based XSS DOM-based XSS is a form of cross-site-scripting attack in which an attacker executes an attack vector through the modification of the browser’s Document Object Model (DOM) environment. Unlike stored (persistent) or reflected XSS variants, DOM-based XSS does not involve…
Cross-Site Scripting in HTTP Headers
What is XSS in HTTP Headers and How is it Different when Compared to Other XSS Attacks? When looking at various types of XSS attacks, we can easily identify the common pattern – it revolves around injecting malicious code into various areas of the HTML…