What is are DNS zone transfers (AXFR)?

DNS (Domain Name System) is one of the many systems that keeps the Internet humming and is responsible for resolving human-readable hostnames into machine-readable IP addresses. DNS servers host what are known as zones. A DNS zone is a portion of the domain name space that is served by a DNS server, and will contain Read More → The post What is are DNS zone transfers (AXFR)? appeared first on Acunetix.
Read more

Web-based attacks still reign supreme according to the EU Cybersecurity Agency

Web-based attacks and malware do not just hold the cybercrime crown, but they’re on the rise — that’s according to the latest Threat Landscape Report by the EU Agency for Network and Information Security (ENISA). In its sixth annual report, ENISA also reported that in 2017 attackers are increasing the complexity and sophistication of their Read More → The post Web-based attacks still reign supreme according to the EU Cybersecurity Agency appeared first on Acunetix.
Read more

Safely handling redirects with die() and exit() in PHP

It is frequently the case within web applications that redirects are used to direct the user to a different portion of the application. A typical example would be that of an application redirecting a user to the login page when accessing a page intended for an authenticated user if they are not currently logged in. Read More → The post Safely handling redirects with die() and exit() in PHP appeared first on Acunetix.
Read more

Domain Fronting: Poking a hole in the Whitelist for Bypassing Firewalls

Domain Fronting is a widely popular technique that is used for evading Firewalls, DPI’s and censors. Domain Fronting takes advantage of legitimate high reputation cloud providers, more specifically, Content Delivery Networks (CDN), for evasion. This technique has been commonly used in the wild to circumvent censorship or by malware for establishing a Command and Control Read More → The post Domain Fronting: Poking a hole in the Whitelist for Bypassing Firewalls appeared first on Acunetix.
Read more

What is Path Traversal?

Path Traversal, or, as it is otherwise known, Directory Traversal, refers to an attack through which an attacker may trick a web application into reading and subsequently divulging the contents of files outside of the root directory of the application, or the web server. Path Traversal attacks typically manipulate web application inputs by using the Read More → The post What is Path Traversal? appeared first on Acunetix.
Read more

What is Insecure Deserialization?

Insecure Deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized. It also occupies the #8 spot in the OWASP Top 10 2017 list. In order to understand what insecure deserialization Read More → The post What is Insecure Deserialization? appeared first on Acunetix.
Read more

OWASP Top 10 2017 Update – What You Need to Know

After the long-winding road of discussion and deliberation, revision, disagreements and adjustments, the Open Web Application Security Project (OWASP) are updating their venerable Top 10 list of the most critical web application security risks since 2013. This update brings with it three new entries to the list, based on data OWASP collected and analyzed. Here’s Read More → The post OWASP Top 10 2017 Update – What You Need to Know appeared first on Acunetix.
Read more