Featured Article

More comprehensive scanning with Acunetix WVS v9.5 – Part I

May 05, 2014 - 08:15am

In these 2 articles, I will be detailing the new functionality introduced in Acunetix WVS version 9.5. An important update introduced in the new version of Acunetix WVS is full JSON and XML support. If you are scanning a web …


Top Network Security Flaws You’re Likely Overlooking

There’s no doubt you know your network better than anyone else. The real question is, do you know whether you’ve checked for all relevant security flaws on all of your critical systems? Odds are you haven’t, but that’s okay to …


What You Need to Know About Performing Authenticated Network Security Scans

Are you scanning your network hosts for security vulnerabilities while logged in as a user? If not, you should be. Authenticated testing can add a lot of value to your overall security assessment results. You’ll find a lot more missing …


How to Block Automated Scanners from Scanning your Site

This blog post describes how to block automated scanners from scanning your website. This should work with any modern web scanner parsing robots.txt (all popular web scanners do this). Website owners use the robots.txt file to give instructions about their site to web robots, such …


AcuMonitor could have Detected PayPal’s Blind XSS Vulnerability

Vulnerability-Lab, a Germany-based security research company, recently identified an application-side validation web vulnerability, which allows an attacker to inject code in his user profile. The injected code gets executed when a PayPal employee loads the user’s details on PayPal’s backend …


WordPress Username Enumeration using HTTP Fuzzer

In many WordPress blogs, it’s possible to enumerate WordPress users using a well-known feature/bug related to author archives. This works if the following conditions are met: WordPress permalinks are enabled. By default WordPress uses web URLs which have question marks and lots of numbers …


Common Platform Enumeration (CPE) Explained

When running a Network Scan on your perimeter server using Acunetix Online Vulnerability Scanner (OVS), one of the Informational alerts shown in the scan results is the CPE Inventory. The data that is collected during the scan is aggregated using …


Acunetix Sponsors RSA Conference Asia Pacific & Japan 2014

Acunetix will be exhibiting as a Silver Sponsor at the RSA Conference in Singapore this year. The event will be held from 22nd till 23rd July at Marina Bay Sands. The conference will host a series of IT security-related workshops …


Cookie Overdose

One of our customers recently reported that some parts of his site were not properly crawled by our scanner (Acunetix Web Vulnerability Scanner). Upon investigation, I found the cause of the problem. When a specific page was visited, a cookie with a random …


Network Vulnerability Assessment Gotchas to Avoid

There’s a saying that experience is something you don’t get until just after you need it. It’s so true, especially in the context of information security and, specifically, network security testing. If you have any experience running vulnerability scans, you’ve …


How to Configure your Web Server to Not Disclose its Identity

If you are running a web server, that web server is probably showing the world what type of server it is, and possibly its version number. This information is ignored by most people, with the exception of hackers, who use this …