The term sensitive data exposure means letting unauthorized parties access stored or transmitted sensitive information such as credit card numbers or passwords. Most major security breaches worldwide result in some kind of sensitive data exposure. Exploiting an attack vector such as a web vulnerability is…
Ad-hoc scanning is not enough
A web vulnerability scanner is usually perceived as an ad-hoc tool. Initially, all vulnerability scanners were such tools and current open-source web application security solutions still follow that model. However, with a major increase in the complexity and availability of web technologies, the ad-hoc model…
WAF integration: Acunetix and FortiWeb
The Acunetix API gives you the opportunity to automate tasks to increase efficiency — especially when you can accelerate integration functionality with other components of your workflow. In this example, we will build on a previous article, where we’ve shown you how to use the…
Are you afraid of security testing in the SDLC?
Opinion: DevOps are simply afraid of trying something new. They are used to Selenium tests that hog the pipelines and provide hard-to-interpret results but at the same time they often shun DAST testing, which is nowhere near as troublesome. Recently, I had an interesting discussion…
Acunetix introduces Docker support, scan statistics, and the ability to send vulnerabilities to the AWS WAF
A new Acunetix update has been released for Windows, Linux, and macOS: 14.2.210503151. This Acunetix update introduces Docker support, a new Scan Statistics page that is shown for each scan, and the ability to send vulnerability information to the AWS WAF. Customers sending vulnerabilities to…
WAF integration: Acunetix and F5 BigIP ASM
The Acunetix API gives you the opportunity to automate tasks to increase efficiency – especially when you can accelerate the integration of functionality with other components of your workflow. In this example, we will build on a previous article, where we’ve shown you how to…
Miscommunication is at the heart of AppSec challenges
Miscommunication breaks things in business. Whether it’s unintentional – based on assumptions or intentional – driven by political motivations, miscommunication is at the heart of most challenges in business today. In our line of work, there’s hardly any more obvious form of miscommunication than what…
Remote debuggers as an attack vector
Over the course of the past year, our team added many new checks to the Acunetix scanner. Several of these checks were related to the debug modes of web applications as well as components/panels used for debugging. These debug modes and components/panels often have misconfigurations,…
What is the Acunetix target knowledge base
With the latest update to Acunetix, we introduced a new feature called the target knowledge base. Every time you scan a target, Acunetix gathers and stores information about it. This information includes paths that make up the site structure, the location of forms and their…