Password Reset Vulnerability (Poisoning)

articles, Web Security Zone
Most web application security vulnerabilities leverage user interaction in ways that were not initially intended by their developers. Password reset poisoning is one such vulnerability that leverages headers, such as the Host header in an HTTP request:

    GET https://example.com/[email protected] HTTP/1.1
    Host: evilhost.com

Notice that the... Read More

A Security-focused Introduction to HTTP, Part 2

articles, Web Security Zone
This is the second part of a two-part series on HTTP basics. In this second part, we cover several attributes of the HTTP protocol, such as encoding, HTTP headers and authentication, in more detail. Query strings: The query string is defined using the question mark (?) character after the ... Read More

HTTP Security: A Security-focused Introduction to HTTP, Part 1

articles, Web Security Zone
This is the first part in a two-part series on HTTP security and HTTP basics. In this first part we bring you an overview of the HTTP protocol. HTTP is a ubiquitous protocol and is one of the cornerstones of the web. If you are a newcomer to web application ... Read More

Integrating Acunetix in your web application’s Jenkins Pipeline

Docs & FAQs
An Acunetix scan can easily be included as part of a Jenkins Pipeline. This provides the benefit of automatically integrating the Acunetix security scan into your continuous delivery (CD) pipeline, and this can be declared as part of your project’s source code repository. Prerequisites Before you start, the Acunetix Jenkins ... Read More

What is a “Target”?

Docs & FAQs
A Target is a web site, web application, server or network device that you would like to scan for security vulnerabilities using Acunetix. For licensing purposes, the following rules apply:
- Localhost and 127.0.0.1 consume 1 Target
- Domain.com and www.domain.com count as 1 Target
- Https and http count as 1 Target
... Read More

Domain Hijacking and Domain Spoofing

articles, Web Security Zone
The domain name is one of the most valuable assets for a business that has a strong online presence. It is associated with a certain level of trust and a loss of a domain name can have serious consequences. However, the value of the domain... Read More

What is Cryptojacking?

Cryptocurrencies have taken the world by storm in the past few years, making it hard to miss all the buzz around Bitcoin and Blockchain technology. While cryptocurrencies are far from new to cybercriminals, cryptojacking opens up new ways attackers can easily monetize compromised websites without the need to distribute ... Read More