Scanning a large website very often takes a long time. Using the default settings, Acunetix Web Vulnerability Scanner will first try to identify all the pages using various crawling techniques, and will then proceed to scan the pages that have ... [+]
Among many advanced penetration testing tools provided, Acunetix Web Vulnerability Scanner (WVS) offers you the HTTP Sniffer tool. With the HTTP Sniffer you can capture, trap, analyze and even modify any HTTP traffic that the sniffer is listening to, e.g. … [+]
Looks like the Mac is finally getting what’s been coming: malware. And lots of it just recently with the Flashback infection that apparently impacted up to 700,000 Macs. We’ve all heard it from the Mac bigots: One of the main … [+]
Web Application Firewalls (WAFs) are an excellent last line of defense. Based on what I see in my testing they’re great at blocking both automated scans and granular exploits like Cross-Site Scripting and SQL injection. I recommend WAFs to clients … [+]
When performing web security assessments, it’s easy for us to feel confident in what we see. Take Cross-Site Scripting (XSS) for instance. Your scanner finds this web vulnerability. You validate that it does indeed exist. What more is there to … [+]
Is the exploitation of web vulnerabilities worth the trouble? Does it create unnecessary risks that should be avoided? Why exploit flaws anyway? This is not a black and white circumstance. Every situation is unique. But here’s what I know. The … [+]
Gerald Ford once said “Nothing in life is more important than the ability to communicate effectively.” What a profound statement that not only applies to our personal lives but also how far we go in our IT careers. There’s hardly … [+]
A lot of developers are using version control systems such as SVN (Apache Subversion) and GIT in order to track changes in their source code. These types of server tools are essential for the organizations which have multi-developer projects. Most … [+]
When you visit a website your browser sends an HTTP header called “User-Agent” to the web server. This header indicates which web browser you are using, its version number and details about your operating system and version. … [+]
Nowadays, more and more people are using URL rewrite techniques to increase their “friendliness” to both users and search engines. With URL rewrites, a URL like http://www.site.com/cms/product.php?action=buy&id=1 is typically rewritten to something like: http://www.site.com/buy/1. … [+]
As I’ve written about scoping your Web security tests in the past, it’s not something to be taken lightly. Interestingly, there’s one aspect of Web security testing where I’m still seeing a big disconnect. The issue is how many critical … [+]
