Acunetix | Web Security Blog

Is Your Website Hackable?
  1. Acunetix Security Hardening Guide
     A new document was prepared instead of this blog post. You can find it here.

  2. Next.js middleware authorization bypass vulnerability: Are you vulnerable?
     A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summarizes what we know about CVE-2025-29927, how you can mitigate the vulnerability, and how Acunetix can help you detect and confirm your organization’s risk.

  3. Top 10 dynamic application security testing (DAST) tools for 2025
     This guide explores the top 10 DAST tools for 2025, highlighting the best commercial solutions as well as open-source options. Learn how the right tools can help you build DAST-first AppSec to secure your applications in production, integrate with DevSecOps, and minimize your web application security risk.

  4. Understanding Injection Attacks in Application Security: Types, Tools, and Examples
     Injection attacks occur when attacker-controlled input is inserted into a web application and, because the input is not validated or separated from code, is interpreted as commands the application never intended to run. Attackers craft payloads that change how the application processes data, often leading to unauthorized access, data...

  5. Strengthen Your Web Applications with HTTP Security Headers
     What is an HTTP security header? An HTTP security header is a response header that helps protect a web application by giving the browser explicit instructions on how to handle the site's content securely. These headers play a crucial role in mitigating various cyber threats, such as...
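
One way to turn the teaser above into a check you can run is a small audit of a response's headers against a baseline. The code below is an added example, not code from the Acunetix post; the baseline values in RECOMMENDED_HEADERS and the two sample responses are constructed for the illustration (the CSP in particular is a starting point, not a policy to copy).

```python
import re

# Baseline this example enforces (an assumed baseline for the check, not a
# universal standard; tune the CSP to the application).
RECOMMENDED_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

ONE_YEAR = 31536000


def _lookup(headers, name):
    """Case-insensitive header lookup over a plain dict; None when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def audit_security_headers(headers):
    """Return a list of findings for one response's headers (empty list = passes)."""
    findings = []

    hsts = _lookup(headers, "Strict-Transport-Security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        match = re.search(r"max-age=(\d+)", hsts)
        if not match or int(match.group(1)) < ONE_YEAR:
            findings.append("Strict-Transport-Security max-age is below one year")

    csp = _lookup(headers, "Content-Security-Policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp:
        findings.append("Content-Security-Policy allows 'unsafe-inline'")

    # Clickjacking: either CSP frame-ancestors or the legacy X-Frame-Options must be set.
    if (csp is None or "frame-ancestors" not in csp) and _lookup(headers, "X-Frame-Options") is None:
        findings.append("no framing restriction (frame-ancestors or X-Frame-Options)")

    if (_lookup(headers, "X-Content-Type-Options") or "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")

    if _lookup(headers, "Referrer-Policy") is None:
        findings.append("missing Referrer-Policy")

    # Version disclosure is not a security-header problem as such, but the same
    # review usually catches it.
    for name in ("Server", "X-Powered-By"):
        value = _lookup(headers, name)
        if value and re.search(r"\d", value):
            findings.append(f"{name} header discloses a version: {value}")

    return findings


# Constructed responses: a typical unhardened default and the same site hardened.
WEAK_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
}
HARDENED_RESPONSE = {"Content-Type": "text/html; charset=utf-8", **RECOMMENDED_HEADERS}


if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_security_headers(response) or "no findings")
```

For a live site, feed `dict(urllib.request.urlopen(url).headers)` into `audit_security_headers`; the lookup is case-insensitive because servers and proxies disagree on header capitalisation.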

  6. Disabling Directory Listing on Your Web Server – And Why It Matters
     By default, some web servers allow directory listing, which means that if no default index file (such as index.html or index.php) is present, the server will display a list of all files and directories in that folder. This can expose sensitive files, scripts, and configurations,...
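
On Apache the fix is `Options -Indexes` in the relevant `<Directory>` block or `.htaccess`; on nginx it is `autoindex off;` (the default). The block below is an added example, not code from the Acunetix post, that reproduces the weak and hardened behaviour with Python's own `http.server` so you can watch the difference: the stock `SimpleHTTPRequestHandler` lists a directory that has no index file, and the hardened subclass answers 403 instead while still serving files that are requested by name. The docroot, the file name `backup.sql` and the loopback port are constructed for the demonstration.

```python
import functools
import http.server
import os
import tempfile
import threading
import urllib.error
import urllib.request


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    """Stock behaviour (a directory without an index file is listed); logging silenced."""

    def log_message(self, format, *args):
        pass


class NoListingHandler(QuietHandler):
    """Hardened variant: a directory with no index file answers 403, never a listing."""

    def list_directory(self, path):
        # SimpleHTTPRequestHandler only calls this when index.html/index.htm is absent.
        self.send_error(403, "Directory listing disabled")
        return None


def _get(url):
    """Return (status, body) for a GET, treating HTTP error codes as ordinary responses."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


def probe(handler_cls):
    """Serve a constructed docroot (one file, no index.html) and fetch / and the file."""
    with tempfile.TemporaryDirectory() as docroot:
        with open(os.path.join(docroot, "backup.sql"), "w") as fh:
            fh.write("-- constructed sample file that should not be discoverable\n")
        handler = functools.partial(handler_cls, directory=docroot)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        thread = threading.Thread(target=server.serve_forever, daemon=True)
        thread.start()
        try:
            base = "http://127.0.0.1:%d" % server.server_address[1]
            root_status, root_body = _get(base + "/")
            file_status, _ = _get(base + "/backup.sql")
        finally:
            server.shutdown()
            server.server_close()
    return {
        "root_status": root_status,
        "listing_reveals_file": "backup.sql" in root_body,
        "direct_file_status": file_status,
    }


if __name__ == "__main__":
    print("default :", probe(QuietHandler))
    print("hardened:", probe(NoListingHandler))
```

Note what the hardened result still shows: `backup.sql` is served when asked for by name. Disabling listing removes discovery, not access, so files that should not be public belong outside the docroot rather than merely unlisted.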

  7. XSS Filter Evasion: How Attackers Bypass XSS Filters – And Why Filtering Alone Isn’t Enough
     XSS filter evasion techniques allow attackers to bypass cross-site scripting (XSS) protections designed to block malicious scripts. This article explores some of the most common filter bypass strategies, explains why relying solely on filtering is ineffective, and outlines the best practices for preventing XSS attacks...
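
The point that filtering alone is not enough is easiest to see by running a few evasions against a blocklist and then against plain output encoding. The block below is an added example, not code from the Acunetix post: `naive_filter` is a deliberately weak blocklist of the kind the article argues against, the payloads in EVASION_PAYLOADS are constructed, and `tag_opener_survives` is an assumed heuristic (does the output still contain something a browser would parse as the start of a tag) used only to score the two defences.

```python
import html
import re


def naive_filter(value):
    """A blocklist of the kind the post argues against: strips literal <script>
    blocks and the string "javascript:", case-sensitively, in a single pass."""
    value = re.sub(r"<script>.*?</script>", "", value, flags=re.S)
    return value.replace("javascript:", "")


def escape_for_html_body(value):
    """The correct defence for data placed in an HTML body context: encode it so
    the browser never sees a tag opener, instead of enumerating bad patterns."""
    return html.escape(value, quote=True)


def tag_opener_survives(rendered):
    """Assumed heuristic: True if the output still contains <letter, </ or <!,
    i.e. something the HTML parser would treat as the start of a tag."""
    compact = re.sub(r"\s", "", rendered)
    return re.search(r"<[a-zA-Z/!]", compact) is not None


# Constructed payloads; each gets past naive_filter by a different route.
EVASION_PAYLOADS = {
    "case variation": "<ScRiPt>alert(1)</ScRiPt>",
    "event handler, no script tag at all": '<img src=x onerror="alert(1)">',
    "svg onload": "<svg onload=alert(1)>",
    "tag splitting, one-pass removal reassembles it": "<scr<script></script>ipt>alert(1)</script>",
    "newline inside the scheme (browsers strip it)": '<a href="java\nscript:alert(1)">x</a>',
}


def evaluate(defence):
    """Map each payload name to whether a tag opener survives the given defence."""
    return {name: tag_opener_survives(defence(payload))
            for name, payload in EVASION_PAYLOADS.items()}


if __name__ == "__main__":
    for label, defence in (("naive_filter", naive_filter), ("html.escape", escape_for_html_body)):
        print(label)
        for name, survives in evaluate(defence).items():
            print("  %-48s %s" % (name, "BYPASSED" if survives else "blocked"))
```

Every payload survives `naive_filter` and none survives `html.escape`, which is the article's argument in one run. The escape shown is only correct for the HTML body and quoted-attribute contexts; data written into a script block, a URL or a CSS value needs the encoder for that context, and a Content-Security-Policy is the backstop for the cases an encoder misses.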

  8. Preventing CSRF Attacks with Anti-CSRF Tokens: Best Practices and Implementation
     The most widely used method to prevent cross-site request forgery (CSRF) attacks is the implementation of anti-CSRF tokens. These are unique values generated by a web application and validated with each request to ensure authenticity. CSRF attacks exploit a user’s active session to execute unauthorized...
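
One implementation of the token described above, as an added example rather than the Acunetix post's own code: a stateless variant in which the token is an HMAC over a random nonce, its issue time and the session identifier, so a token lifted from one session is useless in another and a forged page cannot mint one without the server secret. The secret, the session identifiers and the one-hour lifetime are constructed for the illustration; the token is meant to be embedded in the form body (or a custom request header) and compared against the session on the server, never read back from a cookie alone.

```python
import hashlib
import hmac
import secrets
import time

# Constructed server-side secret; in a real deployment it comes from a key store
# and is shared by every instance that validates tokens.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_MAX_AGE = 3600  # seconds; assumed lifetime for this example


def _mac(secret, session_id, payload):
    """HMAC-SHA256 binding the token payload to one session."""
    return hmac.new(secret, f"{session_id}|{payload}".encode(), hashlib.sha256).hexdigest()


def issue_token(session_id, secret=SERVER_SECRET, now=None):
    """Return 'nonce.issued_at.mac'; the nonce makes every token distinct."""
    now = int(time.time()) if now is None else int(now)
    payload = f"{secrets.token_hex(16)}.{now}"
    return f"{payload}.{_mac(secret, session_id, payload)}"


def verify_token(token, session_id, secret=SERVER_SECRET, now=None, max_age=TOKEN_MAX_AGE):
    """True only if the MAC matches this session and the token is within max_age."""
    now = int(time.time()) if now is None else int(now)
    try:
        nonce, issued, mac = token.split(".")
        issued = int(issued)
    except (AttributeError, ValueError):
        return False
    expected = _mac(secret, session_id, f"{nonce}.{issued}")
    # Constant-time comparison: a plain == would leak the MAC byte by byte.
    if not hmac.compare_digest(mac, expected):
        return False
    return 0 <= now - issued <= max_age


def accept_state_change(form_fields, session_id, **kwargs):
    """Gate for POST/PUT/DELETE handlers: the token must arrive in the request
    body or a custom header, which a cross-site form cannot populate."""
    return verify_token(form_fields.get("csrf_token", ""), session_id, **kwargs)


if __name__ == "__main__":
    sid = "session-for-alice"          # constructed session identifier
    token = issue_token(sid)
    print("same session   :", accept_state_change({"csrf_token": token}, sid))
    print("other session  :", accept_state_change({"csrf_token": token}, "session-for-mallory"))
    print("token omitted  :", accept_state_change({}, sid))
```

Because the server recomputes the MAC rather than storing every issued nonce, no per-token state is needed; if you need single-use tokens (for example on a password change form), store the nonce in the session on issue and delete it on first successful verification.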

  9. Mitigating Fragmented SQL Injection Attacks: Effective Solutions
     This blog post breaks down Fragmented SQL Injection, a method hackers use to bypass authentication by manipulating two different input fields at the same time. Our security expert explains why single quotes matter in SQL injection attacks and how using Prepared Statements (also called Parameterized...
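
Items 4 and 9 above both come down to the same mechanism: user data is glued into a query string, so a quote that lands in the wrong place turns the rest of the input into SQL. The block below is an added example, not code from either Acunetix post, and uses a fragmentation variant that runs on SQLite: the application doubles single quotes (correct on its own) but then truncates each field to a column width after escaping, so a doubled quote at the boundary is cut back to a lone quote that re-opens the string literal. The username fragment alone produces a syntax error and the password fragment alone is just a wrong password; together they bypass the login. The users table, the 8-character width and the two fragments are constructed for the demonstration.

```python
import sqlite3

MAX_FIELD_LEN = 8  # constructed column width, applied after escaping (the bug)


def make_db():
    """Constructed in-memory users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hunter2!')")
    return conn


def naive_escape(value):
    """Doubles single quotes; sufficient by itself, undone by the truncation below."""
    return value.replace("'", "''")


def login_vulnerable(conn, username, password):
    """Escape, then truncate to the column width, then concatenate into SQL."""
    u = naive_escape(username)[:MAX_FIELD_LEN]
    p = naive_escape(password)[:MAX_FIELD_LEN]
    sql = f"SELECT COUNT(*) FROM users WHERE username='{u}' AND password='{p}'"
    try:
        return conn.execute(sql).fetchone()[0] > 0
    except sqlite3.OperationalError:
        return False  # malformed SQL: the application just reports a failed login


def login_safe(conn, username, password):
    """Parameterized query: the driver sends data separately, so no quote in the
    input can change the statement, and truncation becomes harmless."""
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND password=?"
    params = (username[:MAX_FIELD_LEN], password[:MAX_FIELD_LEN])
    return conn.execute(sql, params).fetchone()[0] > 0


# Constructed attack fragments. The username ends in a quote exactly at the width
# limit: escaping makes it admin12'' (9 chars), truncation cuts it back to admin12',
# and the trailing quote now swallows " AND password=" into the string literal.
# The password is then live SQL and contains no quote at all.
FRAGMENT_USER = "admin12'"
FRAGMENT_PASS = "OR 1=1--"


def run_demo():
    """Constructed login attempts against both implementations; returns outcomes."""
    conn = make_db()
    return {
        "vulnerable, both fragments": login_vulnerable(conn, FRAGMENT_USER, FRAGMENT_PASS),
        "vulnerable, username fragment only": login_vulnerable(conn, FRAGMENT_USER, "x"),
        "vulnerable, password fragment only": login_vulnerable(conn, "admin", FRAGMENT_PASS),
        "vulnerable, classic single-field adm'--": login_vulnerable(conn, "adm'--", "x"),
        "safe, both fragments": login_safe(conn, FRAGMENT_USER, FRAGMENT_PASS),
        "safe, real credentials": login_safe(conn, "admin", "hunter2!"),
    }


if __name__ == "__main__":
    for label, logged_in in run_demo().items():
        print("%-42s %s" % (label, "LOGGED IN" if logged_in else "rejected"))
```

The resulting statement for the combined fragments is `... WHERE username='admin12'' AND password='OR 1=1--'`: the literal runs from the first quote to the one before `OR`, and `OR 1=1` is then evaluated as part of the WHERE clause. The classic single-field payload is correctly neutralised by the escaping, which is why a scanner that only tests one field at a time misses this class; the parameterized version rejects every crafted input because the database never parses the fragments as SQL.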