Acunetix, Author at Acunetix https://www.acunetix.com/blog/author/acunetix/ Is Your Website Hackable? Tue, 02 Apr 2024 05:35:24 +0000 en-US hourly 1

Why Is Directory Listing Dangerous? https://www.acunetix.com/blog/articles/directory-listing-information-disclosure/ Mon, 25 May 2020 06:00:26 +0000 https://www.acunetix.com/blog/?p=6353 Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. It is dangerous to leave this function turned on for the web server because it leads to information disclosure. For example, when...

The post Why Is Directory Listing Dangerous? appeared first on Acunetix.

What Are Google Hacks? https://www.acunetix.com/blog/articles/google-hacking/ Mon, 18 May 2020 06:00:32 +0000 http://www.websitedefender.com/?p=48 The terms Google hacking, Google hacks, or Google dorking refer to attacks that use Google or another search engine to find vulnerable web servers and websites. Google hacking is based on inventing specific search queries, often using wildcards and advanced search operators (such as intitle,...

Apache Security – 10 Tips for a Secure Installation https://www.acunetix.com/blog/articles/10-tips-secure-apache-installation/ Mon, 16 Mar 2020 06:00:56 +0000 https://www.acunetix.com/?p=14788 The Apache web server is one of the most popular web servers available for both Windows and Linux/UNIX. At the moment, it is used to host approximately 40% of websites. It is also often described as one of the most secure web servers. In this article,...

Password Reset Vulnerability (Poisoning) https://www.acunetix.com/blog/articles/password-reset-poisoning/ Mon, 21 Oct 2019 07:00:05 +0000 https://www.acunetix.com/?p=18302 Most web application security vulnerabilities leverage user interaction in ways that were not initially intended by their developers. Password reset poisoning is one such vulnerability that leverages headers, such as the Host header in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice that the...

HTTP Security: A Security-Focused Introduction to HTTP https://www.acunetix.com/blog/web-security-zone/http-security/ Thu, 10 Oct 2019 06:00:02 +0000 https://www.acunetix.com/?p=19536 HTTP is a ubiquitous protocol and is one of the cornerstones of the web. If you are a newcomer to web application security, a sound knowledge of the HTTP protocol will make your life easier when interpreting findings by automated security tools, and it’s a...

What Is Path Traversal? https://www.acunetix.com/blog/articles/path-traversal/ Wed, 11 Sep 2019 00:00:09 +0000 https://www.acunetix.com/?p=17658 Path Traversal, or as it is otherwise known, Directory Traversal, refers to an attack through which an attacker may trick a web application into reading and subsequently divulging the contents of files outside of the document root directory of the application or the web server....

How To Prevent DOM-based Cross-site Scripting https://www.acunetix.com/blog/web-security-zone/how-to-prevent-dom-based-cross-site-scripting/ Tue, 27 Aug 2019 07:00:49 +0000 https://www.acunetix.com/?p=18318 DOM-based Cross-site Scripting (DOM XSS) is a particular type of Cross-site Scripting vulnerability. It uses the Document Object Model (DOM), which is a standard way to represent HTML objects in a hierarchical manner. As with all other Cross-site Scripting (XSS) vulnerabilities, this type of...

How to Prevent Blind SQL Injections: The Basics https://www.acunetix.com/blog/articles/blind-sql-injection/ Thu, 15 Aug 2019 07:00:44 +0000 https://www.acunetix.com/?p=15360 Blind SQL Injections are a subtype of SQL Injection vulnerabilities. Exploiting Blind SQL Injections is more difficult and more time-consuming for the attacker, but the consequences to web application security are similar. Successful exploitation of the database query language gives the attacker control over...

Secure Your Node.js .env Files https://www.acunetix.com/blog/articles/secure-your-node-js-env-files/ Wed, 29 May 2019 08:04:17 +0000 https://www.acunetix.com/?p=18866 Node.js is an environment that helps you create server-side applications using JavaScript. Among the common Node.js elements that developers like and use are .env files. These files let you easily save and load environment variables. Developers often use them to store confidential information. However,...
