Ian Muscat, Author at Acunetix
https://www.acunetix.com/blog/author/ianmuscat/
Is Your Website Hackable?
Thu, 13 Mar 2025 13:06:12 +0000

What is server-side request forgery (SSRF)?
https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/
Thu, 03 Feb 2022 07:00:32 +0000
Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques. SSRF...

The post What is server-side request forgery (SSRF)? appeared first on Acunetix.

What is Remote File Inclusion (RFI)?
https://www.acunetix.com/blog/articles/remote-file-inclusion-rfi/
Thu, 02 Apr 2020 06:00:40 +0000
Using remote file inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts. Potential web security consequences of a successful RFI attack range from sensitive information disclosure and...

Cyber Threats, Vulnerabilities, and Risks
https://www.acunetix.com/blog/articles/cyber-threats-vulnerabilities-risks/
Thu, 08 Aug 2019 07:00:48 +0000
Terms such as cyber threats, vulnerabilities, and risks are often used interchangeably and confused. This post aims to define each term, highlight how they differ, and show how they are related to one another.
Cyber Threats
Cyber threats, or simply threats, refer to cybersecurity circumstances...

What Is a CSRF Attack
https://www.acunetix.com/blog/articles/cross-site-request-forgery/
Thu, 18 Jul 2019 07:00:57 +0000
Cross-site Request Forgery (CSRF/XSRF), also sometimes called sea surf or session riding, refers to an attack against authenticated web applications using cookies. The attacker is able to trick the victim into making a request that the victim did not intend to make. Therefore, the attacker...

What Are Email Injection Attacks
https://www.acunetix.com/blog/articles/email-header-injection/
Thu, 27 Jun 2019 07:00:23 +0000
It is common practice for web pages and web applications to implement contact forms, which in turn send email messages to the intended recipients. Most of the time, such contact forms set headers. These headers are interpreted by the email library on the web server...

REST API Security Testing with Acunetix
https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/
Thu, 20 Jun 2019 04:00:01 +0000
Security vulnerabilities in RESTful APIs (Application Programming Interfaces) introduce the same risks as security issues in websites and other web applications: sensitive data theft, manipulation, and more. Therefore, it is very important to know how to test them efficiently. However, some characteristics of REST APIs...

Mitigate Slow HTTP GET/POST Vulnerabilities in the Apache HTTP Server
https://www.acunetix.com/blog/articles/slow-http-dos-attacks-mitigate-apache-http-server/
Thu, 06 Jun 2019 08:00:01 +0000
A slow HTTP Denial of Service attack (DoS), otherwise referred to as the Slowloris HTTP attack, makes use of HTTP GET requests to occupy all available HTTP connections permitted by a web server. It takes advantage of a vulnerability in thread-based web servers, which wait...

Common Injection Attack Types, Examples, Prevention
https://www.acunetix.com/blog/articles/injection-attacks/
Thu, 18 Apr 2019 05:55:56 +0000
Injection Attacks
Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker, sometimes with the use of automated hacking software, supplies untrusted input to a program. This input gets processed by an interpreter as part of a command or...

What is Code Injection (Remote Code Execution)
https://www.acunetix.com/blog/articles/code-injection/
Mon, 15 Apr 2019 06:36:51 +0000
Code Injection or Remote Code Execution (RCE) enables the attacker to execute malicious code as a result of an injection attack. Code Injection attacks are different than Command Injection attacks. Attacker capabilities depend on the limits of the server-side interpreter (for example, PHP, Python, and...
