Articles Archives | Acunetix https://www.acunetix.com/blog/category/articles/ Is Your Website Hackable? Thu, 13 Mar 2025 10:00:43 +0000 en-US hourly 1 Understanding Injection Attacks in Application Security: Types, Tools, and Examples https://www.acunetix.com/blog/articles/injection-attacks-application-security/ Wed, 12 Feb 2025 13:38:01 +0000 https://www.acunetix.com/?p=44064 How Injection Attacks Exploit Web Application Vulnerabilities Injection attacks occur when malicious input is inserted into a web application, exploiting vulnerabilities in unvalidated user input to execute unintended commands. Attackers craft payloads that manipulate how the application processes data, often leading to unauthorized access, data...

Read more

The post Understanding Injection Attacks in Application Security: Types, Tools, and Examples appeared first on Acunetix.

]]> Strengthen Your Web Applications with HTTP Security Headers https://www.acunetix.com/blog/articles/http-security-headers-web-applications/ Wed, 12 Feb 2025 13:35:30 +0000 https://www.acunetix.com/?p=44062 What is a HTTP security header? An HTTP security header is a response header that helps protect web applications by providing browsers with specific instructions on how to handle website content securely. These headers play a crucial role in mitigating various cyber threats, such as...

Read more

The post Strengthen Your Web Applications with HTTP Security Headers appeared first on Acunetix.

]]> Disabling Directory Listing on Your Web Server – And Why It Matters https://www.acunetix.com/blog/articles/disabling-directory-listing-web-server/ Wed, 12 Feb 2025 13:33:20 +0000 https://www.acunetix.com/?p=44060 By default, some web servers allow directory listing, which means that if no default index file (such as index.html or index.php) is present, the server will display a list of all files and directories in that folder. This can expose sensitive files, scripts, and configurations,...

Read more

The post Disabling Directory Listing on Your Web Server – And Why It Matters appeared first on Acunetix.

]]> XSS Filter Evasion: How Attackers Bypass XSS Filters – And Why Filtering Alone Isn’t Enough https://www.acunetix.com/blog/articles/xss-filter-evasion-bypass-techniques/ Wed, 12 Feb 2025 13:12:01 +0000 https://www.acunetix.com/?p=44058 XSS filter evasion techniques allow attackers to bypass cross-site scripting (XSS) protections designed to block malicious scripts. This article explores some of the most common filter bypass strategies, explains why relying solely on filtering is ineffective, and outlines the best practices for preventing XSS attacks....

Read more

The post XSS Filter Evasion: How Attackers Bypass XSS Filters – And Why Filtering Alone Isn’t Enough appeared first on Acunetix.

]]> Preventing CSRF Attacks with Anti-CSRF Tokens: Best Practices and Implementation https://www.acunetix.com/blog/articles/preventing-csrf-attacks-anti-csrf-tokens/ Wed, 12 Feb 2025 12:55:11 +0000 https://www.acunetix.com/?p=44055 The most widely used method to prevent cross-site request forgery (CSRF) attacks is the implementation of anti-CSRF tokens. These are unique values generated by a web application and validated with each request to ensure authenticity. CSRF attacks exploit a user’s active session to execute unauthorized...

Read more

The post Preventing CSRF Attacks with Anti-CSRF Tokens: Best Practices and Implementation appeared first on Acunetix.

]]> Mitigating Fragmented SQL Injection Attacks: Effective Solutions https://www.acunetix.com/blog/articles/mitigating-fragmented-sql-injection-attacks/ Wed, 12 Feb 2025 12:45:29 +0000 https://www.acunetix.com/?p=44053 This blog post breaks down Fragmented SQL Injection, a method hackers use to bypass authentication by manipulating two different input fields at the same time. Our security expert explains why single quotes matter in SQL injection attacks and how using Prepared Statements (also called Parameterized...

Read more

The post Mitigating Fragmented SQL Injection Attacks: Effective Solutions appeared first on Acunetix.

]]> JSON Web Token Attacks And Vulnerabilities https://www.acunetix.com/blog/articles/json-web-token-jwt-attacks-vulnerabilities/ Wed, 12 Feb 2025 12:40:30 +0000 https://www.acunetix.com/?p=44050 JSON Web Tokens (JWTs) are a widely used method for securely exchanging data in JSON format. Due to their ability to be digitally signed and verified, they are commonly used for authorization and authentication. However, their security depends entirely on proper implementation—when misconfigured, JWTs can...

Read more

The post JSON Web Token Attacks And Vulnerabilities appeared first on Acunetix.

]]> IP Disclosure of Servers Behind WAFs Using WordPress XML-RPC https://www.acunetix.com/blog/articles/ip-disclosure-servers-waf-wordpress-xml-rpc/ Wed, 12 Feb 2025 12:31:39 +0000 https://www.acunetix.com/?p=44047 The XML-RPC protocol was originally designed to simplify cross-platform communication between applications. However, recent security research has revealed that it can be exploited for IP disclosure attacks. This article explores how XML-RPC functions, its vulnerabilities in WordPress, and how attackers can use it to expose...

Read more

The post IP Disclosure of Servers Behind WAFs Using WordPress XML-RPC appeared first on Acunetix.

]]> Identifying WordPress Websites On Local Networks (behind Firewalls) and Bruteforcing the Login Pages https://www.acunetix.com/blog/articles/identify-wordpress-sites-local-networks-bruteforce-logins/ Wed, 12 Feb 2025 11:46:54 +0000 https://www.acunetix.com/?p=44044 This article explores how attackers can leverage the XSHM attack to detect WordPress sites operating within internal networks or behind firewalls. It also demonstrates how this method can be used to carry out brute-force login attempts on these protected installations. According to statistics from w3techs,...

Read more

The post Identifying WordPress Websites On Local Networks (behind Firewalls) and Bruteforcing the Login Pages appeared first on Acunetix.

]]>