With the release of Acunetix WVS version 10, we’ve introduced a lot of improvements on how we test Java web applications. Java web applications are notoriously hard to scan automatically for many reasons, the most important one being session management. This type of application will frequently invalidate user sessions, making the process of crawling and […]
As a pen-tester, there are going to be situations where you will be asked to provide evidence of the seriousness of a vulnerability that has been identified. There is ample documentation on how to do this for the more common vulnerabilities such as Cross Site Scripting (XSS) or SQL Injection. But what if you need to […]
In Australia, the government provides formal guidance regarding cyber security in the form of the ‘Strategies to Mitigate Targeted Cyber Intrusions’ document, issued by the Department of Defence. This ties with the statutory information security compliance which anyone handling Australian Government data is subject to. They also rank these in order of importance from ‘essential’ […]
The UK 2015 information security breaches survey has just been published, showing as anticipated that just about every aspect of security breaches is on the increase. A staggering 90% of large organisations surveyed admitted to having experienced at least one breach within the last year, up 9% from the previous year. Similarly small business breaches […]
If you work in the realm of cyber security and monitor its goings-on then you will probably have come across this hashtag lately; #wassenaar. Here we’re going to explain what’s happening, what exactly it means and how it might affect you. Wassenaar is the name of the town in the Netherlands where, in 1996, 41 […]
mSpy surveillance service hacked In a somewhat ironic turn of events, mSpy, a provider of software allowing people to track others such as their children or spouses, has admitted to suffering a data breach. The news emerged through the Krebs on Security blog by security expert Brian Krebs, who was anonymously directed to the data […]
Telstra, Australia’s largest telephone operating company, revealed yesterday that its internal corporate network Pacnet had been compromised via an SQL Injection attack. So far it is not yet known what exactly was taken from the network, but it is clear that the perpetrators had complete access to the corporate network, including email and admin systems. […]
Acunetix exhibited at CeBIT, Sydney Olympic Park, Australia between 5-7 May 2015. Thank you to all prospective customers and resellers who visited our stand.
Acunetix recently travelled to San Francisco to exhibit at the RSA Conference 2015. This week-long conference was attended by over 30,000 security professionals. A big thank you goes out to all who dropped by the Acunetix stand.
Hundreds of WordPress themes and plugins that make use of the Genericons package, could be vulnerable to a DOM-based XSS vulnerability affecting millions of WordPress installations. Genericons are versatile vector icons embedded in a webfont from Automattic (the creators of WordPress). The vulnerability resides in the examples.html file included in the Genericons package by default. […]