Cyber Threats, Vulnerabilities, and Risks

Terms such as cyber threats, vulnerabilities, and risks are often used interchangeably and confused. This post defines each term, highlights how they differ, and shows how they relate to one another. Cyber threats, or simply threats, refer to cybersecurity circumstances...
What Is a CSRF Attack

Cross-site Request Forgery (CSRF/XSRF), also sometimes called sea surf or session riding, is an attack against web applications that authenticate users with cookies. Because the browser attaches those cookies automatically to any request aimed at the application, the attacker can trick the victim into making a request that the victim did not intend to make. Therefore, the attacker...
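
The synchronizer-token defence that blocks this, as an added example that is not part of the original post: a session-bound token is embedded in forms the application itself serves, a forged form on another origin cannot read it, and the server refuses state-changing requests that do not carry it. The in-memory session store, the `https://bank.example` origin and the transfer endpoint are assumptions for the demonstration.

```python
import hmac
import secrets

# Constructed in-memory session store and allowed origin; a real application would
# use its session backend and its own deployed origin (assumption: https://bank.example).
SESSIONS = {}
ALLOWED_ORIGINS = {"https://bank.example"}


def new_session(username):
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token the server embeds as a hidden field in forms it serves for this session.
    A page on another origin cannot read it, so a forged form cannot supply it."""
    return SESSIONS[sid]["csrf"]


def handle_transfer(request):
    """State-changing endpoint. `request` is a dict with 'cookies', 'headers', 'form'.
    Returns (status_code, message)."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not authenticated"

    # Defence in depth: browsers send Origin on cross-site POSTs; reject foreign ones.
    origin = request["headers"].get("Origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return 403, "cross-origin request rejected"

    # Synchronizer token: the browser attached the cookie automatically, but only a
    # form served by our origin carries the matching token. Compare in constant time.
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return 403, "csrf token missing or invalid"

    return 200, f"{session['user']} sent {request['form']['amount']} to {request['form']['to']}"


def demo():
    """Legitimate request from our own form versus a forged one from evil.example."""
    sid = new_session("alice")
    cookies = {"session": sid}  # the browser sends this cookie in both cases
    legit = handle_transfer({
        "cookies": cookies,
        "headers": {"Origin": "https://bank.example"},
        "form": {"csrf_token": csrf_token_for(sid), "amount": "10", "to": "bob"},
    })
    forged = handle_transfer({
        "cookies": cookies,
        "headers": {"Origin": "https://evil.example"},
        "form": {"amount": "10000", "to": "mallory"},  # attacker cannot know the token
    })
    return legit[0], forged[0]
```

`demo()` returns `(200, 403)`. Setting `SameSite=Lax` or `Strict` on the session cookie adds a further layer, and no state change should ever be reachable by a plain GET, since a GET carries no token.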
What Are Email Injection Attacks

It is common practice for web pages and web applications to implement contact forms, which in turn send email messages to the intended recipients. Most of the time, such contact forms populate email headers from the submitted fields. These headers are interpreted by the email library on the web server...
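
What that header handling looks like when it goes wrong, as an added example that is not code from the original post: the contact address, the attacker's From value and the validation rules are constructed for the demonstration. A CR or LF inside a submitted field ends the current header line, so the attacker appends headers of their own (here a Bcc to spam recipients); the hardened builder refuses any line break and constrains From to a bare address.

```python
import re

# Any CR or LF inside a header value starts a new header line for the mail library/MTA.
LINE_BREAK = re.compile(r"[\r\n]")
# Assumption: a single bare address is all the From field needs; a simple grammar suffices here.
BARE_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

CONTACT_ADDRESS = "contact@example.com"  # constructed recipient of the contact form

# Constructed attacker input for the form's "your email" field.
INJECTED_SENDER = (
    "attacker@evil.example\r\n"
    "Bcc: victim1@example.org, victim2@example.org"
)


def render_message(sender, subject, body):
    """Assemble the raw RFC 5322 message exactly as it is handed to the mail library."""
    return (
        f"From: {sender}\r\n"
        f"To: {CONTACT_ADDRESS}\r\n"
        f"Subject: {subject}\r\n"
        "\r\n"
        f"{body}"
    )


def build_message_vulnerable(sender, subject, body):
    """Vulnerable: form fields go straight into headers, so a CRLF in `sender`
    lets the attacker append any header, e.g. Bcc: to reach arbitrary recipients."""
    return render_message(sender, subject, body)


def build_message_safe(sender, subject, body):
    """Safe: refuse any header value containing a line break, and additionally
    constrain From to a single bare address."""
    for name, value in (("From", sender), ("Subject", subject)):
        if LINE_BREAK.search(value):
            raise ValueError(f"{name} contains a line break")
    if not BARE_ADDRESS.fullmatch(sender):
        raise ValueError("From is not a bare email address")
    return render_message(sender, subject, body)


def header_names(raw):
    """Header field names the receiving mail library would see, in order."""
    head = raw.partition("\r\n\r\n")[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")]
```

`header_names(build_message_vulnerable(INJECTED_SENDER, "Hello", "hi"))` comes back as `['From', 'Bcc', 'To', 'Subject']`, i.e. the injected Bcc is a real header; the safe builder raises `ValueError` on the same input. The classic sink for this is the `additional_headers` argument of PHP's `mail()`, and the same check applies there.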
REST API Security Testing with Acunetix

Security vulnerabilities in RESTful APIs (Application Programming Interfaces) introduce the same risks as security issues in websites and other web applications: sensitive data theft, data manipulation, and more. Therefore, it is important to know how to test them efficiently. However, some characteristics of REST APIs...
Mitigate Slow HTTP GET/POST Vulnerabilities in the Apache HTTP Server

A slow HTTP Denial of Service (DoS) attack, otherwise referred to as the Slowloris HTTP attack, uses deliberately slow, incomplete HTTP GET requests to occupy all the concurrent connections a web server permits. It takes advantage of a weakness in thread-based web servers, which wait...
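
The Apache-side mitigation, as an added configuration example rather than text from the original post: mod_reqtimeout bounds how long a client may take to deliver request headers and body, so a socket that only trickles bytes is closed instead of holding a worker. The weak block shows the older Apache 2.2 default `Timeout` with no read timeout at all; the module path and the chosen limits are assumptions to adapt to your distribution and traffic.

```apache
# Weak: the old Apache 2.2 default gives each slow client up to 5 minutes per read,
# and without mod_reqtimeout there is no limit on how slowly request headers may
# arrive, so a few hundred Slowloris sockets exhaust the worker pool.
Timeout 300
KeepAliveTimeout 15

# Hardened: bound the time a client may take to deliver a request.
# Assumption: the module path matches your distribution's layout.
LoadModule reqtimeout_module modules/mod_reqtimeout.so
# header: 10 s to start, extended by 1 s per 500 bytes received, 30 s absolute maximum
# body:   10 s to start, extended by 1 s per 500 bytes received, 60 s absolute maximum
RequestReadTimeout header=10-30,MinRate=500 body=10-60,MinRate=500
Timeout 30
KeepAliveTimeout 5
```

Confirm the module is actually loaded with `apachectl -M | grep reqtimeout` before relying on it. The prefork MPM, which dedicates a process per connection, is the most exposed; the event MPM copes better but still benefits from the read timeouts.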
What Are Injection Attacks

Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to a program. This input gets processed by an interpreter as part of a command or... The post What Are Injection Attacks appeared first on Acunetix.
What is Code Injection

Code Injection, which typically results in Remote Code Execution (RCE), enables the attacker to execute malicious code as a result of an injection attack. Code Injection attacks differ from Command Injection attacks: the former injects code in the application's own language, the latter injects operating system commands. Attacker capabilities depend on the...
What is Remote File Inclusion (RFI)?

Using Remote File Inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts based on user-controllable input. Potential consequences of a successful RFI attack range from sensitive information disclosure and Cross-site Scripting (XSS) to Remote Code Execution...
How to Prevent SQL Injection Vulnerabilities in PHP Applications

SQL Injection (SQLi) is a type of injection attack. An attacker can use it to make a web application process and execute injected SQL statements as part of an existing SQL query. This article assumes that you have a basic understanding of SQL Injection attacks and the different variations of...
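
The core of the fix the article title refers to, as an added example that is not the article's own code: a login query built by string interpolation beside the same query as a prepared statement with bound parameters (the equivalent of `PDO::prepare` and `execute` in PHP). Python's `sqlite3` stands in for the PHP database layer; the users table, the stored password and the `alice' --` payload are constructed for the demonstration, which also shows the one case parameters cannot cover, a user-chosen ORDER BY column.

```python
import sqlite3


def setup_db():
    """Constructed in-memory database with one user. (The password is stored in clear
    only to keep the example short; real code stores and verifies a password hash.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)", ("alice", "s3cret"))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: the query is built by string interpolation, so a quote in the input
    rewrites the statement. This is the shape of PHP code that concatenates $_POST
    values into the string handed to mysqli_query()."""
    sql = (f"SELECT id, username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Safe: a prepared statement with bound parameters. The input can only ever be
    a value compared against the column, never part of the SQL text."""
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Identifiers (table/column names, ORDER BY targets) cannot be bound as parameters,
# so they must be allow-listed rather than interpolated from user input.
SORTABLE_COLUMNS = {"id", "username"}


def list_users(conn, order_by):
    """Safe handling of a user-chosen sort column: allow-list, then interpolate."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"cannot sort by {order_by!r}")
    return [row[0] for row in conn.execute(f"SELECT username FROM users ORDER BY {order_by}")]
```

With username `alice' --` and any password, `login_vulnerable` returns alice's row because `--` comments out the password check, while `login_safe` returns `None`. Escaping functions are not a substitute for binding: the parameter is sent separately from the statement, so there is no quoting to get wrong.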
What is Local File Inclusion (LFI)?

An attacker can use Local File Inclusion (LFI) to trick the web application into exposing or running files on the web server. An LFI attack may lead to information disclosure, remote code execution, or even Cross-site Scripting (XSS). Typically, LFI occurs when an application uses the path to a file...
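
One resolver that covers both the RFI entry above and this LFI entry, as an added example that is not code from either post: the vulnerable version joins the user-supplied page name into a path unchecked, the shape of PHP's `include("pages/" . $_GET["page"])`; the hardened version refuses URLs (RFI) and proves the resolved path is still inside the include directory after `..` and symlinks are expanded (LFI). Python's `open()` stands in for PHP's `include`, so the RFI case is demonstrated by rejection rather than by a fetch; the document root, its two files and the allow-list are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import urlsplit


def make_site():
    """Constructed document root: pages/about.html is meant to be includable,
    config.ini one level up is not. Returns the root path."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "pages"))
    with open(os.path.join(root, "pages", "about.html"), "w") as f:
        f.write("About us")
    with open(os.path.join(root, "config.ini"), "w") as f:
        f.write("db_password=hunter2")
    return root


def include_vulnerable(root, page):
    """Vulnerable: the user-supplied value is joined into the path unchecked.
    "../config.ini" walks out of pages/ (LFI); in PHP with allow_url_include=On,
    "http://evil.example/x.txt" would be fetched and executed instead (RFI)."""
    with open(os.path.join(root, "pages", page)) as f:
        return f.read()


def include_safe(root, page):
    """Safe: refuse anything URL-shaped outright, then resolve the path and confirm
    it is still under pages/ once '..' and symlinks have been expanded."""
    parts = urlsplit(page)
    if parts.scheme or parts.netloc:
        raise ValueError("remote includes are not allowed")
    pages = os.path.realpath(os.path.join(root, "pages"))
    candidate = os.path.realpath(os.path.join(pages, page))
    if os.path.commonpath([pages, candidate]) != pages:
        raise ValueError("path escapes the include directory")
    with open(candidate) as f:
        return f.read()


# Stronger still: map short names to files and never treat the input as a path at all.
PAGE_MAP = {"about": "about.html"}


def include_allowlisted(root, name):
    """Allow-list lookup; the request parameter never touches the filesystem API."""
    if name not in PAGE_MAP:
        raise ValueError(f"unknown page {name!r}")
    with open(os.path.join(root, "pages", PAGE_MAP[name])) as f:
        return f.read()
```

`include_vulnerable(root, "../config.ini")` returns the contents of `config.ini`; `include_safe` raises `ValueError` for that input, for an absolute path such as `/etc/passwd`, and for `http://evil.example/shell.txt`, while still serving `about.html`. The `realpath` step matters because a lexical check for `..` alone is defeated by symlinks and by encoded or doubled separators.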