light-resized

Common Network Security Assessment Oversights

Network security assessments are one of the most critical exercises performed for minimizing business risks. Your time is limited. You’ve got pressure from management to get things done. There’s so much to do and not enough time to do it. … [+]

resized

Making Web Security Part of your IT Governance Program

Moving past IT compliance, IT “governance” is becoming the new area of focus in enterprises today. With compliance often being a more tactical business function, IT governance tends to operate at a higher level, especially in larger organizations. Internal audit, … [+]

security-resized

How to Take Your Network Security Assessments to the Next Level

There’s always a point in every IT professional’s career where he thinks he has everything figured out. We can get so caught up in our ways that we often overlook the fact that there are so many things we do … [+]

lightbulb

Top Network Security Flaws You’re Likely Overlooking

There’s no doubt you know your network better than anyone else. The real question is, do you know whether you’ve checked for all relevant security flaws on all of your critical systems? Odds are you haven’t but that’s okay to … [+]

puzzles---rezised

What You Need to Know About Performing Authenticated Network Security Scans

Are you scanning your network hosts for security vulnerabilities while logged in as a user? If not, you should be. Authenticated testing can add a lot of value to your overall security assessment results. You’ll find a lot more missing … [+]

scanning-resized

How to Block Automated Scanners from Scanning your Site

This blog post describes how to block automated scanners from scanning your website. This should work with any modern web scanner parsing robots.txt (all popular web scanners do this). Website owners use the robots.txt file to give instructions about their site to web robots, such … [+]

secure

AcuMonitor could have Detected PayPal’s Blind XSS Vulnerability

Vulnerability-Lab, a Germany-based security research company, recently identified an application-side validation web vulnerability, which allows an attacker to inject code in his user profile. The injected code gets executed when a PayPal employee loads the user’s details on PayPal’s backend … [+]

login

WordPress Username Enumeration using HTTP Fuzzer

In many WordPress blogs, it’s possible to enumerate WordPress users using a well-known feature/bug related to author archives. This works if the following conditions are met: WordPress permalinks are enabled. By default WordPress uses web URLs which have question marks and lots of numbers … [+]

puzzle-resized

Common Platform Enumeration (CPE) Explained

When running a Network Scan on your perimeter server using Acunetix Online Vulnerability Scanner (OVS), one of the Informational alerts shown in the scan results is the CPE Inventory. The data that is collected during the scan is aggregated using … [+]

alert--resized

Cookie Overdose

One of our customers recently reported that some parts of his site were not properly crawled by our scanner (Acunetix Web Vulnerability Scanner). Upon investigation, I found the cause of the problem. When a specific page was visited, a cookie with a random … [+]