cve-logo

Better scan results with CVSS, CVE and CWE

By adding these internationally adopted standards of classification, users of Acunetix Vulnerability Scanner will have a common language across their various security products resulting in an easier, more fluid remediation process. The most recent version of Acunetix Web Vulnerability Scanner … [+]

search-image---resized

Negative Impacts of Automated Vulnerability Scanners and How to Prevent them

Automated web application vulnerability scanners are constantly being used in order to automatically identify vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection on web applications. Although automated vulnerability scanners have become an indispensable tool for pen-testers and security consultants, … [+]

stop-hackers-resized

The Results are in – Verizon 2014 Data Breach Investigations Report

The numbers are in… and cybercrime had quite an active 2013 according to Verizon’s 2014 Data Breach Investigations Report (DBIR) – one of the information security industry’s most prominent studies compiled from over 50 contributing organizations. This year’s report includes … [+]

security-image-resized

Key Web Application Security Metrics

How’s your web application security program measuring up today? If you’re like many people, you’re simply going through the motions of periodic vulnerability scans and problem resolution. It’s a vicious cycle that may or may not be delivering the results … [+]

trojan--resized

Danger: Open Ports – Trojan is as Trojan does

Open ports are the doorways to your secure perimeter. Behind open ports, there are applications and services listening for inbound packets, waiting for connections from the outside, in order to perform their jobs. Security best practices imply the use of … [+]

teamwork - resized

Ways to Keep your Developers Interested in Web Security

Working in IT over the past couple of decades I’ve witnessed the good, the bad, and the downright ridiculous when it comes to the way software developers are treated by management. Seeing what I’ve seen, and having been in those … [+]

Identify the Heartbleed Bug with Acunetix Vulnerability Scanner

The Aftermath of the Heartbleed Bug

The Heartbleed bug, a security flaw in the popular OpenSSL library used for data encryption, has taken the web security world by storm, and the victim toll has started to rise. The first reported victims include the Canada Revenue Agency … [+]

blog post image - resized

Elaborate Ways to Exploit XSS: XSS Proxies

In his book “Web Application Vulnerabilities: Detect, Exploit, Prevent”, Steve Palmer describes XSS Proxies as cross-site scripting exploitation tools that allow attackers to temporarily take control over the victim’s browser. XSS Proxy functions as a web server which takes commands … [+]

victims- resized

CSRF and XSS – Brothers in Arms

What is CSRF (XSRF)? Cross-Site Request Forgery is a type of web attack which exploits the trust of a website in the user’s browser. In essence, the attacker manipulates the victim’s browser to send requests in the user’s name to … [+]

play - resized

Elaborate Ways to Exploit XSS: Flash Parameter Injection

Common cross-site scripting (XSS) attacks rely on the injection of malicious code (usually JavaScript) in HTML pages, HTML headers or page DOM. There are, however, ways of injecting malicious code in less likely, very popular and innocent-looking places, such as … [+]