Comments for Acunetix Web Application Security Blog

Comment on FAQ: How can I backup my Acunetix WVS settings? by Robert Abela

Robert Abela — Wed, 25 Jan 2012 13:32:31 +0000

Hi Dave,

Good point. We will add it to the blog post. In the meantime, if you need to re-install Acunetix Web Vulnerability Scanner on another server, simply send an email to our sales on sales@acunetix.com and they will give you further instructions.

Looking forward to hearing from you.

Comment on FAQ: How can I backup my Acunetix WVS settings? by Dave Wood

Dave Wood — Sun, 22 Jan 2012 23:22:34 +0000

Tha’s a helpful article guys, but you failed to explain the most important consideration – the licensing!
How do we unregister the installation so that it may be redeployed on a rebuilt hardware for instance?
Or assuming one does not have this luxury due to catastrophic system failure; how does one go about activating after a new rebuild?

Thanks for a great product.

Comment on VIDEO: Acunetix Web Vulnerability Scanner 8 – What’s New? by administrator

administrator — Wed, 04 Jan 2012 07:29:32 +0000

Hi Alan,

Thank you for showing interest in our BETA.

Please drop us an email on beta@acunetix.com.

Comment on Preventing XSS Attacks by Louises Web Security » VIDEO: How Cross-Site Scripting (XSS) Works

Louises Web Security » VIDEO: How Cross-Site Scripting (XSS) Works — Sat, 31 Dec 2011 00:32:12 +0000

[...] this video tutorial I demonstrate what an XSS attack is to show you how a hacker can use XSS vulnerabilities to hack into your website. I start the [...]

Comment on Properly Scoping your Web Security Assessments by Louises Web Security » Improving Web Security by Working With What You’ve Got

Sat, 31 Dec 2011 00:31:56 +0000

[...] that you’re thoughtful and careful about money and that the decisions you’re making regarding Web security are in the best interests of the business. You can be frugal and show management that you’re [...]

Comment on “Time to market” no longer the security excuse by Louises Web Security » Improving Web Security by Working With What You’ve Got

Fri, 30 Dec 2011 02:29:40 +0000

[...] November 5, 2011 at 6:02 am As I wrote about in a previous post, we’re in the era of cutting back – if not completely eliminating – all non-essential [...]

Comment on VIDEO: Acunetix Web Vulnerability Scanner 8 – What’s New? by Alan Wlasuk

Alan Wlasuk — Thu, 29 Dec 2011 14:16:34 +0000

How do I sign up for the Beta program?

Comment on VIDEO: Acunetix Web Vulnerability Scanner 8 – What’s New? by Robert Abela

Robert Abela — Fri, 09 Dec 2011 09:48:33 +0000

Hi Mikhail,

Thank you for showing interest in our product.

We are still not sure when it will be released. It all depends on the feedback we get from BETA testers. Things seem to be going very well, so the official release is very near

Comment on Critical XSS Flaw Discovered in Barack Obama’s Website by TXT小说下载

TXT小说下载 — Mon, 05 Dec 2011 10:19:19 +0000

Very nice bug and very hard to detect or exploit this kind of issue. Godd work anyway

Comment on VIDEO: Acunetix Web Vulnerability Scanner 8 – What’s New? by Mikhail

Mikhail — Sun, 04 Dec 2011 17:35:43 +0000

and when will be the official release?

Comment on Acunetix Web Vulnerability Scanner 8 BETA Available Now by BoiteaWeb

BoiteaWeb — Fri, 02 Dec 2011 09:03:22 +0000

Thank you Robert.
I’m glad to become a beta tester for WSV8 !

Comment on VIDEO: Acunetix Web Vulnerability Scanner 8 – What’s New? by Robert Abela

Robert Abela — Wed, 30 Nov 2011 08:42:39 +0000

Hi Mikhail,

Thank you for showing interest in our product. The new version is still in BETA. Once there is an official release, you will be alerted to upgrade.

Comment on VIDEO: Acunetix Web Vulnerability Scanner 8 – What’s New? by MIkhail

MIkhail — Fri, 25 Nov 2011 00:16:47 +0000

If released new version, why i can’t see in “program update” new build is available Acunetix 8?

Comment on MySQL.com Victim of SQL Injection Attack by Louises Web Security » SQL Injection – The Web Flaw That Keeps on Giving

Louises Web Security » SQL Injection – The Web Flaw That Keeps on Giving — Sun, 20 Nov 2011 00:49:28 +0000

[...] in the past year, we’ve seen numerous high-profile SQL injection attacks against businesses such as Barracuda Networks, Expedia and HBGary. If it’s happening to [...]

Comment on Preventing XSS Attacks by Louises Web Security » Critical XSS Flaw Discovered in Barack Obama’s Website

Sun, 20 Nov 2011 00:49:13 +0000

[...] time that the president’s website was targeted. About a year ago SecurityShell reported a similar XSS vulnerability on their [...]

Comment on Statistics from 10,000 leaked Hotmail passwords by 500 Most Common Passwords | Negative Foo

500 Most Common Passwords | Negative Foo — Fri, 18 Nov 2011 23:46:08 +0000

[...] recent post at Acunetix shows statistics on 10,000 recently leaked Hotmail passwords. The ten most common passwords on [...]

Comment on Statistics from 10,000 leaked Hotmail passwords by Seguridad Informática: recomendaciones básicas para los usuarios

Seguridad Informática: recomendaciones básicas para los usuarios — Wed, 16 Nov 2011 18:02:42 +0000

[...] sobre las contraseñas más comunes usadas en Hotmail (en inglés) http://www.acunetix.com/blog/websecuritynews/s…; [...]

Comment on Why people violate security policies by wifihead

wifihead — Thu, 03 Nov 2011 21:52:39 +0000

I appreciate the fact that #1 stated “Users don’t appreciate the business reasons behind the policies”. This to me is the major reason for failures and non-compliance. When we analyze the implications, it falls directly on the lap of upper management. Too many times things, both hardware and software, solutions, rules, regulations and a myriad of others are introduced into the network without communication. People are innately sensible. If a user is presented with a proposed change and is educated as to the why, how, when and where, most will fall in.The problems show up when there was no structure before, everything went everywhere, and suddenly users are told to buckle up.Any user who values his/her job will comply if they are educated and are aware of the consequences of non-compliance.I agree that in most environments the users are aware that policies will not be enforced because they are cognizant that the network is understaffed.I think that incentives can go a long way in having users comply. Just sayin.

Comment on VIDEO: How Cross-Site Scripting (XSS) Works by Wladimir

Wladimir — Thu, 03 Nov 2011 12:33:40 +0000

better this … impossible…

Comment on VIDEO: How Cross-Site Scripting (XSS) Works by Logan

Logan — Thu, 27 Oct 2011 14:18:31 +0000

Thanks! Makes XSS easier to understand with your example

Comment on Authentication Tester Tool by Tinychat Vulnerabilities & Talking with the CEO « Work for the Internet

Tinychat Vulnerabilities & Talking with the CEO « Work for the Internet — Tue, 25 Oct 2011 04:59:30 +0000

[...] names and analytics of the top 60,000 users on Tinychat. When it comes to cracking accounts, Acunetix’s Authentication Tester is a huge luxury. It works nicely on just about 80% of the sites I’ve played with. Bryan is [...]

Comment on VIDEO: How Cross-Site Scripting (XSS) Works by JJ

JJ — Mon, 24 Oct 2011 01:37:45 +0000

nice and informative indeed – nice to see it in practice too

Comment on Statistics from 10,000 leaked Hotmail passwords by 97views

97views — Mon, 17 Oct 2011 15:51:37 +0000

the phishing kit used most probably was badly designed, since it was one that didn’t further authenticated the users to the Hotmail/Live website. I think it just returned an error message after grabbing the credentials.

Comment on VIDEO: How Cross-Site Scripting (XSS) Works by Jacks

Jacks — Sun, 16 Oct 2011 06:42:51 +0000

Wow.Great video.Very informative and well presented.

Comment on VIDEO: How Cross-Site Scripting (XSS) Works by George

George — Wed, 12 Oct 2011 15:32:49 +0000

The scream is a little loud…

Comment on Improving Web Security by Working With What You’ve Got by Improving Web Security by Working With What You’ve Got | National Cyber Security

Thu, 06 Oct 2011 11:31:48 +0000

[...] As I wrote about in a previous post, we’re in the era of cutting back – if not completely eliminating – all non-essential expenditures. The thing is what may seem to be non-essential to management may actually be essential to the business. There could just be a disconnect — or communication breakdown — between you, your team, and the managers ultimately making the decisions. Politics and opinions aside, you have to think creatively about how you can make small improvements in Web application security across numerous areas of the business if you’re going to move your Web security program forward. How can you do this? You need to prove that you’re thoughtful and careful about money and that the decisions you’re making regarding Web security are in the best interests of the business. You can be frugal and show management that you’re willing and able to cut back, deal with what you’ve got and find ways to make things work better that may have been overlooked the past. For example, one thing I see quite often is network administrators and security managers not taking advantage of Web security (continue reading…) [...]

Comment on Explaining the “why” of Web application security by Explaining the “why” of Web application security | National Cyber Security

Explaining the “why” of Web application security | National Cyber Security — Fri, 30 Sep 2011 16:42:44 +0000

[...] Looking at the bigger picture of application security it seems that no one else really hears us. Sure, product managers, marketing, legal, HR and even certain people in management say they understand what’s at stake. But are they really on board? Business leaders have learned that they must teach, train and develop their employees. Otherwise, they can’t expect people to perform at their highest levels. The same goes for us working in and around IT and Web application security. We can try to be high and mighty telling people the sky is falling because our Web applications aren’t secure. We can tell people all day – every day – that they can’t do this, that or the other – all in the name of Web security. But we have to be realistic and ask: how’s that working for us? Skipping formal teaching, training, and development, and instead forcing Web security on other people doesn’t work all that well. It’s like trying force a religion or political ideology on others and expecting them to just say “Okay, whatever you say.” People and politics just don’t work that way. In fact, many people couldn’t care less about Web application security. Just because something is important to us doesn’t mean (continue reading…) [...]

Comment on SQL Injection – The Web Flaw That Keeps on Giving by Episode 480 – Holy Flyin’ SCADA systems, Evil Face Cookies, Seattle Wardrivers, BEAST Slayer, SQLi, Sony | InfoSec Daily

Tue, 27 Sep 2011 01:16:55 +0000

[...] Source: http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-prevalent-hack/ [...]

Comment on Critical XSS Flaw Discovered in Barack Obama’s Website by Darius

Darius — Thu, 22 Sep 2011 09:47:36 +0000

Now the description is much better then the first article. Very nice bug and very hard to detect or exploit this kind of issue. Godd work anyway

Comment on Hackers Slurp over a million user accounts from Washington Post by Salman

Salman — Thu, 22 Sep 2011 08:57:26 +0000

Are they not encrypting every bit of data which enters their (unprotected) databases?