Identify the Heartbleed Bug with Acunetix Vulnerability Scanner

Featured Article

The Aftermath of the Heartbleed Bug

April 17, 2014 - 09:34am

The Heartbleed bug, a security flaw in the popular OpenSSL library used for data encryption, has taken the web security world by storm, and the victim toll has started to rise. The first reported victims include the Canada Revenue Agency ...


Acunetix WVS v7 build 20101206 automatically checks for DOM XSS

The new build of Acunetix Web Vulnerability Scanner Version 7 checks for DOM-based XSS vulnerabilities. Unlike the traditional cross-site scripting vulnerability, document object model based cross-site scripting (DOM XSS) vulnerability is a type of vulnerability which affects the script …

Statistics from a phisher's list

Yesterday night I was following some security-related forums and some person posted a phishing kit for a popular bank from Romania. A phishing kit is a collection of scripts to help a script kiddie launch a phishing exploit and …

Acunetix WVS Version 7 build 20101123 released

An updated build of Acunetix WVS Version 7 was released. Improvement: More updates to the Client Script Analyser (CSA) engine for better Web 2.0 support. Bug Fixes: Fix: Added port in host header for https in manual browsing. Fixed: Crawler …

HTTP Post Denial Of Service: more dangerous than initially thought

Wong Onn Chee and Tom Brennan from OWASP recently published a paper* presenting a new denial of service attack against web servers. What’s special about this denial of service attack is that it’s very hard to fix because it relies …

Notable changes in PCI DSS 2.0 affecting Web application security

“Clarification, additional guidance, and evolving requirements” – welcome to the new PCI standards! Hot off the press are the new PCI DSS and PA-DSS requirements which take effect January 1, 2011. So, if you work in or around Web application …

Acunetix WVS Version 7 build 20101115 released

An updated build of Acunetix WVS Version 7 was released. It includes a new feature and improved support for jQuery and Web 2.0 web applications. New Features: Ability to stop individual running security scripts during a scan. Major Improvements: CSA …

Application Security; Don’t get caught off guard with dangerous assumptions

Don’t get caught off guard. We hear that statement all the time with regards to information security. Sadly, as many businesses have experienced, such talk is cheap. Obviously no one wants their Web site to get hacked. Okay, maybe a …

Acunetix WVS Version 7 build 20101028 released

An updated build of Acunetix WVS Version 7 has been released. This build addresses a number of bug fixes. Bug Fixes: Fixed: Replay of recorded login sequences was not working properly in the free version. Fixed: NTLM authentication was not …

Preventing phishing attacks is not just a technical issue

A client of mine who’s a security administrator for a business in the financial industry contacted me recently about some odd behavior he was seeing on his network. Apparently numerous spidering/mirroring requests were being sent to his company’s marketing website …

Internet Voting Trial Thwarted by Hackers

The District of Columbia recently attempted to give a number of people who live or work overseas the opportunity to cast their votes remotely. To do this, a secure e-voting website costing over $300,000 was built. On Tuesday, September 28, 2010, the first public trial run was launched. Thirty-six hours later the voting system was hacked by a student. It took nearly three days for D.C. officials to realize that their system was compromised. The trial was immediately suspended, and red-faced engineers and politicians quickly scrambled to find out how this breach could possibly have happened.