HTTP Security: A Security-focused Introduction to HTTP, Part 1

articles, Web Security Zone
This is the first part in a two-part series on HTTP security and HTTP basics. In this first part we bring you an overview of the HTTP protocol. HTTP is a ubiquitous protocol and is one of the cornerstones of the web. If you are a newcomer to web application ... Read More
Integrating Acunetix in your web application’s Jenkins Pipeline

Docs & FAQs
An Acunetix scan can easily be included as part of a Jenkins Pipeline. This provides the benefit of automatically integrating the Acunetix security scan into your continuous delivery (CD) pipeline, and this can be declared as part of your project’s source code repository. Prerequisites Before you start, the Acunetix Jenkins ... Read More

What is a “Target”?

Docs & FAQs, ovs
A Target is a web site, web application, server or network device that you would like to scan for security vulnerabilities using Acunetix. For licensing purposes, the following rules apply: Localhost and 127.0.0.1 consume 1 Target; Domain.com and www.domain.com count as 1 Target; Https and http count as 1 Target ... Read More

Domain Hijacking a.k.a Domain Spoofing

articles, Web Security Zone
Domain hijacking, or domain spoofing, is a type of attack whereby an organization’s domain is stolen by changing the registration of a domain name without prior authorization of the domain’s owner. Domain hijacking typically occurs with the intention of associating malicious content or phishing websites with a trusted, and otherwise ... Read More

What is Cryptojacking?

Cryptocurrencies have taken the world by storm in the past few years, making it hard to miss all the buzz around Bitcoin and Blockchain technology. While cryptocurrencies are far from new to cybercriminals, cryptojacking opens up new ways attackers can easily monetize compromised websites without the need to distribute ... Read More

What are DNS zone transfers (AXFR)?

DNS (Domain Name System) is one of the many systems that keep the Internet humming and is responsible for resolving human-readable hostnames into machine-readable IP addresses. DNS servers host what are known as zones. A DNS zone is a portion of the domain name space that is served by a ... Read More
Web-based attacks still reign supreme according to the EU Cybersecurity Agency

Web-based attacks and malware do not just hold the cybercrime crown, but they’re on the rise — that’s according to the latest Threat Landscape Report by the EU Agency for Network and Information Security (ENISA). In its sixth annual report, ENISA also reported that in 2017 attackers are increasing the ... Read More
Safely handling redirects with die() and exit() in PHP

It is frequently the case within web applications that redirects are used to direct the user to a different portion of the application. A typical example would be that of an application redirecting a user to the login page when accessing a page intended for an authenticated user if they ... Read More
Domain Fronting: Poking a hole in the Whitelist for Bypassing Firewalls

Domain Fronting is a widely popular technique that is used for evading firewalls, DPIs and censors. Domain Fronting takes advantage of legitimate high reputation cloud providers, more specifically, Content Delivery Networks (CDN), for evasion. This technique has been commonly used in the wild to circumvent censorship or by malware for ... Read More
What is Path Traversal?

articles, Web Security Zone
Path Traversal, or, as it is otherwise known, Directory Traversal, refers to an attack through which an attacker may trick a web application into reading and subsequently divulging the contents of files outside of the root directory of the application, or the web server. Path Traversal attacks typically manipulate web ... Read More