Web Security Zone Archives | Acunetix

Next.js middleware authorization bypass vulnerability: Are you vulnerable?

Bogdan Calin — Tue, 25 Mar 2025 14:41:06 +0000

A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summarizes what we know about CVE-2025-29927, how you can mitigate the vulnerability, and how Acunetix can help you detect and confirm your organization’s risk.

The post Next.js middleware authorization bypass vulnerability: Are you vulnerable? appeared first on Acunetix.

Top 10 dynamic application security testing (DAST) tools for 2025

Zbigniew Banach — Thu, 20 Mar 2025 11:26:23 +0000

This guide explores the top 10 DAST tools for 2025, highlighting the best commercial solutions as well as open-source options. Learn how the right tools can help you build DAST-first AppSec to secure your applications in production, integrate with DevSecOps, and minimize your web application security risk.

The post Top 10 dynamic application security testing (DAST) tools for 2025 appeared first on Acunetix.

3 reasons why DAST is the best way to begin the web application security journey

Tomasz Andrzej Nidecki — Mon, 25 Jul 2022 06:00:36 +0000

To fully secure your web applications, you need several software solutions, specialist internal resources, and external contractors. However, this means significant costs, and not everyone can afford it all at once. How should small businesses start their web application security journey? Let’s have a look...

The post 3 reasons why DAST is the best way to begin the web application security journey appeared first on Acunetix.

How scanners find vulnerabilities

Tomasz Andrzej Nidecki — Mon, 18 Jul 2022 06:00:34 +0000

DAST vulnerability scanners are not that different from virus scanners. In both cases, the goal of the software is to find something out of the ordinary in the target. A virus scanner scans a computer’s local resources and storage to find potentially malicious software. A...

The post How scanners find vulnerabilities appeared first on Acunetix.

Hackers: The third pillar of security

Tomasz Andrzej Nidecki — Mon, 27 Jun 2022 06:00:12 +0000

Every business knows that to maintain security, you need the primary pillar: the right employees. Some businesses know that these employees also need the second pillar: the right tools such as Acunetix and Invicti. However, still, not enough businesses know how to deal with hackers...

The post Hackers: The third pillar of security appeared first on Acunetix.

Red teaming – 5 tips on how to do it safely

Tomasz Andrzej Nidecki — Mon, 20 Jun 2022 06:00:27 +0000

Red team vs blue team exercises are a very effective method to evaluate the security posture of your business. However, red teaming, due to its adversarial approach, carries certain risks that must be taken into consideration, both for the red team and the target business....

The post Red teaming – 5 tips on how to do it safely appeared first on Acunetix.

Threat modeling for web application security

Tomasz Andrzej Nidecki — Mon, 13 Jun 2022 06:00:48 +0000

Threat modeling is an activity that helps you identify and mitigate threats. It’s very important because it makes you look at security risks top-down, focus on decision-making and prioritize cybersecurity decisions, and consider how you can use your resources in the best possible way. There...

The post Threat modeling for web application security appeared first on Acunetix.

Considerations for web application remediation testing

Kevin Beaver — Mon, 06 Jun 2022 07:32:58 +0000

It seems that most application security discussions revolve around initial vulnerability scanning and penetration testing. You’ve got to start somewhere. The thing is many people often stop at that point. Vulnerabilities are uncovered, results are passed along to developers, DevSecOps, or other technical staff, and...

The post Considerations for web application remediation testing appeared first on Acunetix.

Penetration testing vs vulnerability scanning

Tomasz Andrzej Nidecki — Mon, 30 May 2022 06:00:40 +0000

Businesses often perceive vulnerability scanning as an alternative to penetration testing. This perception is wrong. An organization conscious of cybersecurity must include both these activities in their business processes and make sure that they work in unison. Missing out on one of them greatly decreases...

The post Penetration testing vs vulnerability scanning appeared first on Acunetix.