Liferay vulnerability scanner: How to detect and remediate CVEs in Liferay Portal and DXP
Liferay environments face a growing volume of CVEs and limited patch paths for older versions. This guide explains which vulnerabilities matter, how they are exploited, and how Acunetix scans Liferay Portal and DXP to identify real risk.
IIS security best practices: How to secure an IIS server and web applications
Learn how to secure Microsoft IIS with practical hardening best practices, attacker-focused insights, and continuous validation strategies. This guide covers common IIS misconfigurations, real-world exploitation techniques, and how to protect web applications running on IIS servers.
SNI proxy SSRF vulnerabilities: Misconfigurations, exploitation, and defense
SNI proxy SSRF is a lesser-known but high-impact vulnerability class where misconfigured proxies route traffic based on attacker-controlled TLS metadata. Under specific conditions, this can expose internal services and even cloud metadata endpoints in AWS and Azure. This article explains how these attacks work, when they are exploitable, and how ...
What is an IDOR vulnerability?
Insecure direct object references (IDOR) are a type of access control vulnerability where an application exposes internal object identifiers – such as user IDs, order numbers, or file names – without verifying whether the requesting user is authorized to access them. IDOR is no longer...
Your session cookies are probably misconfigured: How to fix cookie security flags
Understand how to correctly implement cookie security flags in modern web applications. Includes practical examples, browser behavior nuances, and guidance on HttpOnly, Secure, and SameSite settings.
Top 10 dynamic application security testing (DAST) tools for 2025
What is DAST and how does it work? Dynamic application security testing (DAST) is a cybersecurity assessment method that analyzes running applications to identify security vulnerabilities. Unlike static application security testing (SAST), which examines source code before deployment, DAST scanning simulates real-world attacks by probing...
Invicti’s automated DAST turns heads at it-sa Expo&Congress 2022
Organizations are still learning about the capabilities of modern DAST tools and their importance for web application security. This post summarizes the Invicti crew’s impressions from it-sa Expo&Congress 2022.
Cybersecurity awareness is for life, not just for October
Cybersecurity awareness is crucial, but there’s a long way to go from awareness to action. As we wrap up Cybersecurity Awareness Month, it’s time for the next steps – and the path of least noise might just be the best way to go.
Vulnerabilities a routine part of web application releases, survey finds
Invicti research has revealed that releasing web applications with known vulnerabilities is almost a standard operating procedure for a large majority of organizations. The Fall 2022 edition of the Invicti AppSec Indicator shows that companies are struggling with alert noise – but also determined to get a grip on their ...
HTTP security headers: An easy way to harden your web applications
Modern browsers support a wide array of HTTP headers that can improve web application security to protect against clickjacking, cross-site scripting, and other common attacks. This post provides an overview of best-practice HTTP security headers that you should be setting in your websites and applications.

