
Articles in articles

Seven Signs You’re Not Ready to Run a Web Vulnerability Scan
June 16, 2010 – 9:08 pm | 8 Comments

Looking to hop aboard the Web vulnerability scanning bandwagon to see just how vulnerable your Web site or application really is? Well, not so fast. Here are some signs you’re not ready to begin just …

Web application contingency plans – the missing link in Web security?
June 9, 2010 – 8:11 pm | One Comment

Why are Web applications out of the loop when it comes to contingency planning? Look at any given security incident response or disaster recovery plan (assuming they even exist) and chances are business critical Web …

VIDEO: web application firewall bypass with a XSS attack
June 1, 2010 – 6:52 pm | 5 Comments

In the following demo video, Sandro Gauci of EnableSecurity shows how an attacker can switch off dotDefender in order to bypass any “protection” offered by the WAF. Such an attack is possible by exploiting a cross-site …

FAQ: Should I scan a website through a web application firewall?
May 25, 2010 – 6:58 pm | 5 Comments

Unfortunately, security scans are frequently launched against a website or web application sitting behind a web application firewall, or some other kind of web security gateway device.  A website audit performed for a website through a …

Creating a Web security testing policy
May 11, 2010 – 7:07 pm | No Comment

If you’re reading this blog, Web security testing is undoubtedly on your radar. You may have an ongoing process for testing Web vulnerabilities but do you actually have a policy for it? I’m all …

CRLF Injection Attacks and HTTP Response Splitting
May 4, 2010 – 5:50 pm | One Comment

The CRLF Injection Attack (sometimes also referred to as HTTP Response Splitting) is a fairly simple, yet extremely powerful web attack.  Hackers are actively exploiting this web application vulnerability to perform a large variety of …

The new OWASP Top 10 for 2010 – Risk and Realities
April 27, 2010 – 10:30 pm | 3 Comments

Kudos to Jeff Williams, Dave Wichers, and the rest of the OWASP team for pulling together the final release of the OWASP Top 10 for 2010. Obviously, a lot of thought and work has gone …

The road to glory, from XSS to Root on apache.org
April 14, 2010 – 8:35 pm | No Comment

On the 9th of April 2010, Apache.org infrastructure suffered a direct and targeted attack on the server hosting the Apache issue-tracking software, Atlassian JIRA.  This is the second major compromise the Apache Software Foundation suffered …

VIDEO: Exploiting a Cross Site Scripting vulnerability in Mambo CMS
April 13, 2010 – 6:53 pm | 5 Comments

In this video we look into the details of how an attacker is able to exploit a Cross Site Scripting vulnerability in Mambo CMS (version: 4.6.5), discovered by Bogdan Calin with Acunetix Web Vulnerability Scanner.
This …

Fighting Web flaws is futile
April 6, 2010 – 6:59 pm | One Comment

Do you ever find yourself driving down the road in an unfamiliar place and you get that gut feeling that you’re headed in the wrong direction? Well, I feel that’s exactly where we are with …