Scanning a large website very often takes a long time. Using the default settings, Acunetix Web Vulnerability Scanner will first try to identify all the pages using various crawling techniques, and will then proceed to scan the pages that have ...
Everything you need to know about Web Security
Web servers are one of the most targeted public faces of an organization. Securing a web server is as important as securing the website or web application itself and the network around it. Although securing a web server can be …
At BlackHat USA 2009, Eduardo Vela Nava (sirdarckcat) and David Lindsay presented a paper entitled “Our Favorite XSS Filters and How to Attack Them”. It is a very interesting paper, and you should definitely take a look at it. In this paper, besides other things, …
Earlier this year, a report from the SANS Institute showed that two of the twenty-five most dangerous programming errors led to more than 1.5 million website security breaches in 2008. The report is a joint effort from more than …
In the eval($WAF); whitepaper, L. Nothdurfter, W. Neudorfer and M. Kirchner from the University of Applied Sciences Upper Austria explain in detail how they evaluated the capabilities of some leading WAFs (web application firewalls), and concluded that although a WAF can raise …
In a previous post, we linked to an article which gave an in-depth explanation of SQL injection vulnerabilities, and what impact such vulnerabilities can have on your web application. Now that you know what they are and what their impact …
File upload forms can nowadays be found all over the internet: in social network web applications such as Facebook and Twitter, in blogs, forums, e-banking sites, YouTube and also in corporate support portals, to give the opportunity to the end user …
As demonstrated during an OWASP Europe 2009 presentation, WAFs (web application firewalls) also have vulnerabilities. Sandro Gauci (founder and CSO for EnableSecurity) and Wendel Henrique (member of SpiderLabs) showed how an attacker can easily identify and bypass several well-known …
Unless you have been sleeping under a stone for the past four years, you must have heard about Twitter in some way or another. The original idea behind Twitter was to provide a social network where everyone can tell …
In this video, the Acunetix Blind SQL Injector tool is used for data mining purposes against a real-life web application, DeluxeBB. Using the AcuSensor Technology, and manually configuring the Blind SQL Injector, in this video one can see a …
AJAX (Asynchronous JavaScript Technology and XML) is meant to increase interactivity, speed, and usability in web applications. The technologies have prompted a richer and friendlier experience for the user, as web applications are designed to imitate desktop applications, such as …
