Scanning a large website very often takes a long time. Using the default settings, Acunetix Web Vulnerability Scanner will first try to identify all the pages using various crawling techniques, and will then proceed to scan the pages that have ...
Although it is not a suggested operation, yes, you can still scan a website which has URL rewrite enabled without specifying any URL rewrite rules in Acunetix Web Vulnerability Scanner. Unlike other scanners, Acunetix WVS will advise you once it …
An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks, improvements and bug fixes. New security checks: 8.3 DOS filename source code disclosure, Apache Tomcat Directory Host Appbase authentication bypass vulnerability, Apache …
As part of my job here at Acunetix, from time to time I analyze source code looking for security problems. Using this information I adjust Acunetix WVS to detect these problems automatically (when it’s possible). Monday, I downloaded e107 from …
The year debuted with ‘Operation Aurora’: Google and over 30 other companies were hit by a spear phishing attack which resulted in theft of intellectual property from Google and probably other companies. Spear phishing is a targeted form of phishing in which …
When it comes to Web security, why is it we always seem to focus on layer 7 only? Sure, it can be argued that XSS, SQL injection, flawed application logic and so on are the big deal items in any …
The next version of Acunetix Web Vulnerability Scanner (version 7) will contain a much improved HTTP stack. While testing, we wanted to test the new HTTP stack on as many sites as possible to make sure we didn’t introduce …
An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks and bug fixes. New security checks: Test for File Upload IIS bug filename.asp;.jpg, Test for WP-Forum 2.3 vulnerabilities, JBoss rmi ping (network …
An updated build for Acunetix WVS Version 6.5 has been released with a number of improvements, bug fixes, and a number of new security checks. New security checks: JBoss BSHDeployer MBean, JBoss checks from RedTeam’s paper, JBoss HttpAdaptor JMXInvokerServlet, JBoss …
Recently we’ve released a new build, build number 20091124. This build includes a new AcuSensor check named “curl_exec() url is controlled by user”. This new check will verify if the user can control the URL passed to curl_exec. In case you are not …
In the spirit of improving Web application security worldwide, the folks at OWASP have released the OWASP Top 10 2010 “release candidate”. It’s currently open for comments and scheduled for final release in the first quarter of next year. The biggest …
