The importance of Internal Web Security Assessments

What do things look like on the outside? That’s the main focus we have as human beings. But beauty is only skin deep. As with relationships and leaked NSA documents, we quickly discover that what’s on the inside is just …

Server Side Request Forgery (SSRF) Attack Alert in Acunetix

A Server Side Request Forgery (SSRF) attack gives an attacker the ability to use your web application to send requests to other applications running on the same machine, or to other servers which can be on the same or on …

Automatic detection of XXE vulnerabilities in OpenID implementations using Acunetix AcuMonitor

Reginaldo Silva recently uncovered a very interesting bug affecting Facebook (and received $33,500 for this discovery). The bug is caused by improper handling of XML documents in OpenID implementations, causing XML External Entity Expansion vulnerabilities. He mentioned in his article …

New security tests added to Acunetix Web Vulnerability Scanner

The latest build of Acunetix Web Vulnerability Scanner includes a lot of changes and new security tests. Here is a short summary of the most interesting tests we’ve just added.
1. Vulnerable JavaScript libraries: Acunetix Web Vulnerability Scanner can now identify …

Latest WVS v9 build with new checks for DOM XSS injected through HTTP GET parameters

The latest build of Acunetix Web Vulnerability Scanner (Build 20131023), released yesterday, contains important improvements in the detection of DOM XSS vulnerabilities. Our DeepScan technology was also further strengthened in this build. Take the following piece of code for example: …

XSS Vulnerability injected through Google Analytics, executed in iOS’s Gmail application

Roy Castillo, a security researcher from the Philippines, identified a cross-site scripting (XSS) vulnerability in the Gmail application for iOS. The vulnerability was found in the mail attachment feature and needed no user interaction to be triggered. In a post …

IT Security Includes Cyber Attack Response

Preventing cyber attacks is a dominant topic for IT security. It is the first layer of defense. The more attacks prevented the better – no question about it. However, does great prevention guarantee there will be no successful cyber attacks? Of …

Critical vulnerabilities discovered in Gazelle and TBDEV.net

Gazelle and TBDEV.NET are the most popular web applications used as BitTorrent trackers. A BitTorrent tracker is an application that assists in the communication between peers using the BitTorrent protocol. BitTorrent trackers can be public/open, where anybody can join, or …

The Default WordPress Administrator Account Is In Use

Alert group: WordPress default “admin” account exists
Acunetix WP Security Plugin test: During this test Acunetix looks for the default admin account in the WordPress user list.
Repercussions: With the default WordPress administrator account active, a malicious user does not …

On the Increasing Popularity of JavaScript

Many people think of JavaScript as a way to create interactive and dynamic web pages. JavaScript gives visitors a great website experience across platforms and across browsers that can be adjusted and tweaked to fit the user’s device, interests, and …