scanning-resized

How to Block Automated Scanners from Scanning your Site

This blog post describes how to block automated scanners from scanning your website. This should work with any modern web scanner parsing robots.txt (all popular web scanners do this). Website owners use the robots.txt file to give instructions about their site to web robots, such … [+]

login

WordPress Username Enumeration using HTTP Fuzzer

In many WordPress blogs, it’s possible to enumerate WordPress users using a well-known feature/bug related to author archives. This works if the following conditions are met: WordPress permalinks are enabled. By default WordPress uses web URLs which have question marks and lots of numbers … [+]

alert--resized

Cookie Overdose

One of our customers recently reported that some parts of his site were not properly crawled by our scanner (Acunetix Web Vulnerability Scanner). Upon investigation, I found the cause of the problem. When a specific page was visited, a cookie with a random … [+]

tweet-deck---resized

The TweetDeck Worm: How it Worked

TweetDeck is a very popular Twitter application (with 23% market share as of June 2009). The application was acquired by Twitter on May 25, 2011. On Wednesday, the user @derGeruhn, exploited a stored XSS (cross-site scripting) vulnerability in the TweetDeck … [+]

Acunetix Web Vulnerability Scanner v9, build 20131216 includes a new PCI 3.0 compliance report and several new tests

Acunetix WVS v9.5 Build 20140602 – New Security Tests

Each Acunetix WVS update generally includes new vulnerability tests or an improvement to existing checks. This post summarizes the new security tests added in the latest Acunetix WVS update. Cross Domain Data Hijacking A website is vulnerable if an attacker can create/upload … [+]

acx_logo

More comprehensive scanning with Acunetix WVS v9.5 – Part II

In addtion to full JSON and XML support (already covered in Part I), Acunetix WVS version 9.5 includes other improvements that increase the scan coverage and improves its abilities to find vulnerabilities. In this blog post, I will cover CRUD … [+]

Scan GWT applications with Acunetix WVS

Scan Google Web Toolkit Applications with Acunetix Web Vulnerability Scanner

Google Web Toolkit (GWT) is an open source set of tools that allows web developers to create and maintain complex JavaScript front-end applications in Java, using the Java development tools of their choice. It is a development toolkit for building … [+]

Identify the Heartbleed Bug with Acunetix Vulnerability Scanner

Latest Acunetix release scans for Heartbleed Bug

Yesterday, an update has been released for Acunetix Vulnerability Scanner which includes a test for a critical OpenSSL vulnerability named The Heartbleed Bug (CVE-2014-0160). Quote from the report: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software … [+]

Automatic detection of XXE vulnerabilities in OpenID implementations using Acunetix AcuMonitor

Automatic detection of XXE vulnerabilities in OpenID implementations using Acunetix AcuMonitor

Reginaldo Silva recently uncovered a very interesting bug affecting Facebook (and received $33,500 for this discovery). The bug is caused by improper handling of XML documents in OpenID implementations causing XML External Entity Expansion vulnerabilities. He mentioned in his article … [+]