Web Security Zone
Liferay vulnerability scanner: How to detect and remediate CVEs in Liferay Portal and DXP
Liferay environments face a growing volume of CVEs and limited patch paths for older versions. This guide explains which vulnerabilities matter, how they are exploited, and how Acunetix scans Liferay Portal and ...
IIS security best practices: How to secure an IIS server and web applications
Learn how to secure Microsoft IIS with practical hardening best practices, attacker-focused insights, and continuous validation strategies. This guide covers common IIS misconfigurations, real-world exploitation techniques, and how to protect web applications ...
SNI proxy SSRF vulnerabilities: Misconfigurations, exploitation, and defense
SNI proxy SSRF is a lesser-known but high-impact vulnerability class where misconfigured proxies route traffic based on attacker-controlled TLS metadata. Under specific conditions, this can expose internal services and even cloud metadata ...
What is an IDOR vulnerability?
Insecure direct object references (IDOR) are a type of access control vulnerability where an application exposes internal object identifiers – such as user IDs, order numbers, or file names – without verifying ...
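The following is an added example (not code from the Acunetix post) showing the access-control gap the teaser describes: an order-lookup handler that trusts the identifier in the URL, the fixed handler that checks ownership against the authenticated user, and the enumeration probe a scanner or tester would run to tell the two apart. The data store, request shape and user names are constructed for the demo.

```javascript
// Added example: IDOR in an order-lookup endpoint, vulnerable vs. fixed.
// ORDERS, the request objects and the user ids are constructed sample data.
const ORDERS = new Map([
  [1001, { id: 1001, ownerId: 'alice', total: 42.0 }],
  [1002, { id: 1002, ownerId: 'bob', total: 99.5 }],
]);

// Vulnerable: looks the object up by the caller-supplied id and never
// verifies that the authenticated user is allowed to see it.
function getOrderVulnerable(req) {
  const order = ORDERS.get(Number(req.params.id));
  if (!order) return { status: 404, body: null };
  return { status: 200, body: order };
}

// Fixed: resolve the object, then authorize it against req.user.
// A foreign object gets the same 404 as a missing one, so the response
// does not confirm which ids exist.
function getOrderFixed(req) {
  const order = ORDERS.get(Number(req.params.id));
  if (!order || order.ownerId !== req.user.id) return { status: 404, body: null };
  return { status: 200, body: order };
}

// Detection: as one authenticated user, walk a range of ids and collect
// every id that comes back 200 but belongs to someone else.
function probeIdor(handler, userId, ids) {
  const leaked = [];
  for (const id of ids) {
    const res = handler({ user: { id: userId }, params: { id: String(id) } });
    if (res.status === 200 && res.body.ownerId !== userId) leaked.push(id);
  }
  return leaked;
}

// Constructed requests: bob is logged in and asks for alice's order, then his own.
const bobAsksForAlices = { user: { id: 'bob' }, params: { id: '1001' } };
const bobAsksForOwn = { user: { id: 'bob' }, params: { id: '1002' } };
```

The probe is the same idea a DAST scanner applies: authenticate as a second, low-privilege identity, replay object lookups with other users' identifiers, and flag any 200 whose body belongs to a different principal.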
Your session cookies are probably misconfigured: How to fix cookie security flags
Understand how to correctly implement cookie security flags in modern web applications. Includes practical examples, browser behavior nuances, and guidance on HttpOnly, Secure, and SameSite settings.
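As an added example (not code from the Acunetix post), here is a helper that emits a session cookie with the flags the teaser names, and an audit function that parses Set-Cookie headers and reports which flags are missing, including the browser rule that SameSite=None is only honoured together with Secure and the requirements of the __Host- prefix. The header strings below are constructed for the demo.

```javascript
// Added example: build a hardened session cookie and audit Set-Cookie headers.
// Cookie names and values are constructed sample data.
function buildSessionCookie(name, value, opts = {}) {
  const { secure = true, httpOnly = true, sameSite = 'Lax', maxAge = 3600, path = '/' } = opts;
  // Browsers reject SameSite=None unless the cookie is also Secure.
  if (sameSite === 'None' && !secure) throw new Error('SameSite=None requires Secure');
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`, `Max-Age=${maxAge}`];
  if (httpOnly) parts.push('HttpOnly');
  if (secure) parts.push('Secure');
  if (sameSite) parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// Parse one Set-Cookie header into name, value and a lowercase attribute map.
// Valueless attributes (HttpOnly, Secure) map to true.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  const flags = {};
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    flags[key] = i === -1 ? true : a.slice(i + 1);
  }
  return { name, value, flags };
}

// Return a list of findings for a session cookie; empty means it passes.
function auditSessionCookie(header) {
  const { name, flags } = parseSetCookie(header);
  const findings = [];
  if (!flags.httponly) findings.push('missing HttpOnly');
  if (!flags.secure) findings.push('missing Secure');
  const sameSite = typeof flags.samesite === 'string' ? flags.samesite.toLowerCase() : undefined;
  if (!sameSite) {
    // Chromium treats a missing SameSite as Lax; other browsers may not, so set it explicitly.
    findings.push('missing SameSite');
  } else if (sameSite === 'none' && !flags.secure) {
    findings.push('SameSite=None without Secure is rejected by browsers');
  }
  if (name.startsWith('__Host-') && (!flags.secure || flags.path !== '/' || flags.domain !== undefined)) {
    findings.push('__Host- prefix requires Secure, Path=/ and no Domain');
  }
  return findings;
}

// Constructed headers: a typical weak session cookie and a hardened one.
const WEAK_COOKIE = 'sessionid=abc123; Path=/';
const NONE_WITHOUT_SECURE = 'sid=abc123; Path=/; HttpOnly; SameSite=None';
const GOOD_COOKIE = buildSessionCookie('__Host-session', 'abc123');
```

Run the audit over the Set-Cookie headers captured from a login response; a session cookie that yields any finding is one an attacker can read from script (no HttpOnly), sniff over plaintext (no Secure), or ride in a cross-site request (weak or missing SameSite).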
Next.js middleware authorization bypass vulnerability: Are you vulnerable?
A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summarizes what we know about ...
Top 10 dynamic application security testing (DAST) tools for 2025
What is DAST and how does it work? Dynamic application security testing (DAST) is a cybersecurity assessment method that analyzes running applications to identify security vulnerabilities. Unlike static application security testing (SAST), ...
7 steps to avoid uncoordinated vulnerability disclosure
Imagine the following situation. You work as a cybersecurity manager for a company that owns the website www.example.com. One day, your sales department receives an email from an unknown individual. The sales ...
Red teaming – 5 tips on how to do it safely
Red team vs blue team exercises are a very effective method to evaluate the security posture of your business. However, red teaming, due to its adversarial approach, carries certain risks that must ...
Considerations for web application remediation testing
It seems that most application security discussions revolve around initial vulnerability scanning and penetration testing. You’ve got to start somewhere. The thing is, many people stop at that point. Vulnerabilities are ...