Acunetix Web Application Vulnerability Report 2015

A year after the release of the online version of our vulnerability scanner in March 2014, Acunetix have aggregated the findings of over 15,000 scans performed on 1.9 million files over the past 12 months with some interesting results. The report details the most common vulnerabilities found, how often they occurred and which bugs our users […]

Blind Out-of-band Remote Code Execution vulnerability testing added to AcuMonitor

Similar to Blind Out-of-band SQL Injection vulnerabilities, AcuMonitor can now detect Blind Out-of-band Remote Code Execution vulnerabilities. Let’s consider a vulnerable PHP application that contains the following code:

    $cmd = isset($_GET['1']) ? $_GET['1'] : '';
    if ($cmd) {
        exec('ping -c 1 ' . $cmd);
    }

This application executes a shell command that is composed from […]

Blind Out-of-band SQL Injection vulnerability testing added to AcuMonitor

Acunetix AcuMonitor is a free intermediary service that helps detect second-order vulnerabilities (i.e. vulnerabilities that do not provide a response to a scanner during testing) during a scan. AcuMonitor made its debut with Acunetix WVS version 9. Since then, we’ve continuously improved the service and the number of vulnerabilities it can detect. With the latest […]

ASD Strategies to Mitigate Targeted Cyber Intrusions

In Australia, the government provides formal guidance regarding cyber security in the form of the ‘Strategies to Mitigate Targeted Cyber Intrusions’ document, issued by the Department of Defence. This ties in with the statutory information security compliance to which anyone handling Australian Government data is subject. They also rank these in order of importance from ‘essential’ […]

UK 2015 information security breaches survey

The UK 2015 information security breaches survey has just been published, showing, as anticipated, that just about every aspect of security breaches is on the increase. A staggering 90% of large organisations surveyed admitted to having experienced at least one breach within the last year, up 9% from the previous year. Similarly, small business breaches […]

The What, Why and How of Wassenaar

If you work in the realm of cyber security and monitor its goings-on, then you will probably have come across this hashtag lately: #wassenaar. Here we’re going to explain what’s happening, what exactly it means and how it might affect you. Wassenaar is the name of the town in the Netherlands where, in 1996, 41 […]
