Featured Article

More comprehensive scanning with Acunetix WVS v9.5 – Part I

May 05, 2014 - 08:15am

In these 2 articles, I will be detailing the new functionality introduced in Acunetix WVS version 9.5. An important update introduced in the new version of Acunetix WVS is full JSON and XML support. If you are scanning a web ...


What do American Express and Facebook have in common?

Cross Site Scripting seems to be the word of the past few days with high profile sites getting featured on the technology news sites. ZDNet reported how Facebook just fixed four XSS security flaws affecting their developer’s page, the iPhone …

Why upgrade PHP to 5.2.8? Part 1

Note: PHP 5.2.7 is the actual version that fixes the below security holes. PHP 5.2.8 fixes an issue introduced in 5.2.7. Details from the PHP news site. A new version of the popular scripting language, PHP includes a couple of …

URL Rewriting and AcuSensor Technology; automation and advantages

Note: This article refers to an older version of Acunetix. Click here to download the latest version. Nowadays, a lot of web applications are using URL rewriting. URL rewriting involves converting normal URLs to search engine friendly URLs. Usually the …

Directory Traversal attack; what is it and how to prevent such attacks

If a web application or web server is vulnerable to a Directory Traversal attack, a malicious user can exploit this vulnerability to step out of the web root directory and access other restricted files and directories of the file system. …

AcuSensor Technology in action; finding backdoors in web applications

On March 2, 2007 the following was posted on the WordPress blog: Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you …

How Cross Site Scripting can lead to a Windows Domain compromise

Many times internal web applications are excluded from the scrutiny that external ones are subjected to. It is often assumed that attackers are on the external side of the network and therefore do not have access to any internal resources. …

Acunetix WVS Scripting reference available

With Acunetix WVS version 6, Acunetix introduced a Port Scanner and Network Alerts. When scanning a website, a port scan against the web server can be launched (optional) and, once open ports are found, specific network security tests are launched …

SQL Injection in Mambo found with Acunetix AcuSensor Technology

Note: This article refers to an older version of Acunetix. Click here to download the latest version. This post shows how Acunetix AcuSensor Technology improves scanning reliability by using sensors placed inside the web application being scanned. It also …

Facebook worm on the loose

A worm abusing Facebook’s messaging system is making the rounds between friends. It consists of an executable worm known as Koobface that runs on the victim’s computer and searches for Facebook cookies on his or her computer. It will then use …