Article Archive for February 2009
I was testing our scanner (with AcuSensor enabled) on Drupal (http://www.drupal.org) and the scanner found a possible File Inclusion vulnerability.
As you can see from the screenshot above, the GET variable q was set to start/../../xxx\..\..\end …
Acunetix WVS Singled Out by Network Security Administrators and Specialists
London, UK – 26 February 2009 – Leading Windows Security resource site, WindowSecurity.com, announced today that Acunetix Web Vulnerability Scanner was selected the winner in the Web Application …
While testing our AcuSensor technology, I downloaded a small PHP blog application from the internet. The installation went smoothly. This particular application was not using a database but it was storing everything in text files. …
To address a large number of security concerns, it is often recommended that web applications make effective use of “the principle of least privilege”. The idea is that one should only grant the privileges on …
In just 2 weeks, we released an updated version of Acunetix WVS version 6 to address issues reported in an independent web scanner comparison report published by Ananta. What’s for sure is that now we …
The recent compromise of Kaspersky’s support database left the company with a bit of explaining to do. The hacker published a blog post on hackersblog detailing stunts with Kaspersky’s USA support website. Kaspersky also published their own account based on their log files and the hacker’s (nicknamed unu) blog post. The following is a summary of what happened and how such attacks can be prevented.
Today I’m going to talk about a new vulnerability which I named Remote XSL Inclusion. I didn’t find any references on the internet about this vulnerability, which I found while auditing some PHP code for …