WordPress Username Enumeration using HTTP Fuzzer

In many WordPress blogs, it’s possible to enumerate WordPress users using a well-known feature/bug related to author archives. This works if the following conditions are met: WordPress permalinks are enabled. By default WordPress uses web URLs which have question marks and lots of numbers … [+]


Common Platform Enumeration (CPE) Explained

When running a Network Scan on your perimeter server using Acunetix Online Vulnerability Scanner (OVS), one of the Informational alerts shown in the scan results is the CPE Inventory. The data that is collected during the scan is aggregated using … [+]


Cookie Overdose

One of our customers recently reported that some parts of his site were not properly crawled by our scanner (Acunetix Web Vulnerability Scanner). Upon investigation, I found the cause of the problem. When a specific page was visited, a cookie with a random … [+]


Network Vulnerability Assessment Gotchas to Avoid

There’s a saying that experience is something you don’t get until just after you need it. It’s so true, especially in the context of information security and, specifically, network security testing. If you have any experience running vulnerability scans, you’ve … [+]


How to Configure your Web Server to Not Disclose its Identity

If you are running a web server, that web server is probably showing the world what type of server it is, and possibly its version number. This information is ignored by most people, with the exception of hackers, who use this … [+]


How to Close Unused Open Ports

One of the checks done in a network scan by Acunetix Online Vulnerability Scanner (OVS) is a TCP and UDP port scan. Any open ports detected during the scan will be reported as shown in the screenshot. In this particular … [+]


The Importance of Scanning your Internet-Facing Assets

If your network is in any way connected to the Internet, the security of your network is being put to the test. Your Internet-facing servers are being probed by hackers looking for ways to damage your resources or steal them. … [+]

Identify the Heartbleed Bug with Acunetix Vulnerability Scanner

Heartbleed – A Bigger Threat Than Meets the Eye

The Heartbleed Bug took the world by storm the moment the vulnerability became public. Heartbleed Bug is a serious vulnerability in the widely used OpenSSL cryptographic library. This weakness allows theft of data resident in the server’s memory, which generally … [+]


E-commerce: The Real Cost of Convenience

The e-commerce business has been growing exponentially for the past 10 years. Hundreds of thousands of businesses have moved online and millions of users have taken their shopping to the Internet. During this rush, everyone seems to ignore security, as … [+]


The TweetDeck Worm: How it Worked

TweetDeck is a very popular Twitter application (with 23% market share as of June 2009). The application was acquired by Twitter on May 25, 2011. On Wednesday, the user @derGeruhn, exploited a stored XSS (cross-site scripting) vulnerability in the TweetDeck … [+]