An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks, improvements and bug fixes.
New security checks:
8.3 DOS filename source code disclosure
Apache Tomcat Directory Host Appbase authentication bypass …
Last week, Larry Suto published a report entitled “Accuracy and Time Costs of Web Application Security Scanner Report”. I’ve started to investigate the results from this report in detail, and I’ve found a list of inaccuracies. Here is a direct quote from his paper:
Methodology
In order to cover as many bases as possible it was decided to run each scanner in two ways:
1. Point and Shoot (PaS): This includes nothing more than run default scanning options and provide credentials if the scanner supported it and the site used any.
2. Trained: This includes any configurations, macros, scripts or other training determined to be required to get the best possible results. As needed help was requested from the vendors or from acquaintances with expertise in each scanner to make sure that each was given all possible opportunity to get its best possible results.
Therefore he’s defining two modes: Point and Shoot and Trained. In the Point and Shoot mode he’s supposed to use the default scanning options AND provide credentials if the scanner supported it.
Although it is not recommended, you can still scan a website that has URL rewriting enabled without specifying any URL rewrite rules in Acunetix Web Vulnerability Scanner. Unlike other scanners, Acunetix WVS …
As part of my job here at Acunetix, from time to time I analyze source code looking for security problems. Using this information I adjust Acunetix WVS to detect these problems automatically (when it’s possible).
The year opened with ‘Operation Aurora’: Google and over 30 other companies were hit by a spear phishing attack which resulted in the theft of intellectual property from Google and probably other companies. Spear phishing is a targeted …
When it comes to Web security, why is it we always seem to focus on layer 7 only? Sure, it can be argued that XSS, SQL injection, flawed application logic and so on are the …
The next version of Acunetix Web Vulnerability Scanner (version 7) will contain a much improved HTTP stack. During testing, we wanted to exercise the new HTTP stack on as many sites as possible to …
An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks and bug fixes.
New security checks:
Test for File Upload IIS bug filename.asp;.jpg
Test for WP-Forum 2.3 vulnerabilities
JBoss rmi ping …
An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks, improvements and bug fixes.
New security checks:
JBoss BSHDeployer MBean
JBoss checks from RedTeam’s paper
JBoss HttpAdaptor JMXInvokerServlet
JBoss …
Recently we’ve released a new build, build number 20091124. This build includes a new AcuSensor check named “curl_exec() url is controlled by user”. This check verifies whether a user of the application can control the URL passed to curl_exec(), which would let an attacker make the server issue requests to hosts of their choosing (server-side request forgery).
In …
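The following is an added illustration, not Acunetix’s own code or the AcuSensor check itself: the PHP pattern such a check is designed to flag, placed beside a hardened version. The function names, the request array and the allow-listed hosts are hypothetical.

```php
<?php
// Added example (not Acunetix code). Demonstrates a user-controlled URL
// reaching curl_exec(), and one way to constrain it.

// VULNERABLE: the URL comes straight from the request. An attacker can point
// the server at internal services (http://127.0.0.1:8080/admin), at other
// hosts behind the firewall, or at non-HTTP schemes libcurl supports
// (file://, gopher://, dict://), and read whatever comes back.
function fetch_unsafe(array $request)
{
    $url = $request['url'] ?? '';          // attacker-controlled
    $ch  = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// Hypothetical allow-list of destinations the application legitimately needs.
const ALLOWED_HOSTS = ['feeds.example.com', 'api.example.net'];

// HARDENED: scheme and host must match the allow-list, userinfo is rejected
// (so http://feeds.example.com@evil.example/ cannot slip through a naive
// substring check), redirects are disabled so a 3xx from an allowed host
// cannot bounce the request elsewhere, and libcurl is restricted to http(s).
function fetch_safe(array $request)
{
    $url   = $request['url'] ?? '';
    $parts = parse_url($url);
    if ($parts === false
        || !isset($parts['scheme'], $parts['host'])
        || isset($parts['user']) || isset($parts['pass'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || !in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException('URL not permitted');
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// Usage (constructed input):
// fetch_safe(['url' => 'https://feeds.example.com/latest.xml']);   // allowed
// fetch_safe(['url' => 'http://127.0.0.1:8080/admin']);            // throws
// fetch_safe(['url' => 'file:///etc/passwd']);                     // throws
```

The host allow-list is checked on the string the application parses, not on what DNS later resolves it to, so an allow-listed name that an attacker controls (or can rebind) still needs network-level egress controls; the allow-list removes the class of bug the check reports, not every SSRF path.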
In the spirit of improving Web application security worldwide, the folks at OWASP have released the OWASP Top 10 2010 “release candidate”. It’s currently open for comments and scheduled for final release in the first quarter …