Acunetix WVS Version 7 build 20110124 released

An updated build of Acunetix WVS Version 7 has been released. In this build we introduced a new cross-site scripting security check and fixed a number of bugs.

New security check: New type of XSS test introduced (parameter was set to javascript:…)

Bug fixes: Fixed: Scanner crash when scanning https sites with client […]

AJAX Application Attacks

Understanding Ajax and JavaScript

Ajax is a popular technology for Web 2.0 applications. Ajax (which is shorthand for asynchronous JavaScript and XML) is not one component, but is a group of related development techniques for Web applications. At the heart of Ajax’s functionality is the ability to asynchronously retrieve data from a Web server without […]

How often should you test your web applications?

Periodic and consistent security checks – that’s the recipe for effective Web security, right? We hear this “best practice” recommendation all the time. It’s true but what exactly does it mean? How often do you really need to test your websites and web applications? Do you go by what the PCI Security Standards Council recommends? […]

What is Google Hacking?

Are you Vulnerable to Google Hacking?

The term “Google Hacking” refers to a hacker attack that uses a search engine like Google to find vulnerable Web servers and websites. Google hacking makes use of special search queries to locate servers and Web applications running with incomplete security or with no security. In addition to searching […]

How to choose a web vulnerability scanner

A must-read interview for anyone who is interested in evaluating web vulnerability scanners. In this interview we discuss the process of choosing a web vulnerability scanner and underline several factors that should be taken into consideration in the decision-making process. Which is the best web vulnerability scanner out there? This question has been haunting […]

Understanding SQL Injection

SQL injection attacks are also often referred to as SQL malware. Like local and remote file inclusion attacks, an SQL injection attack inserts a malicious script into a website’s code. In this case, a web page that is using a tool like MySQL to query and manipulate a database through SQL (Structured Query Language) is […]

What Is SEO Poisoning and What Does It Mean to You

SEO poisoning is a sophisticated attack that is being perpetrated on a daily basis. Basically, the hacker includes a script (in the Apache config, in your WordPress blog, in .htaccess, etc.) that says: if the incoming user agent = googlebot, etc., SEND THEM here. If it’s not, display that site. So, in our customer’s example, all of […]

Acunetix WVS Version 7 build 20101216 released

An updated build of Acunetix WVS Version 7 was released, featuring further improvements to the DOM XSS checks and a number of bug fixes.

New features:
DOM XSS will now report the filename in which the attack was executed
DOM XSS checks on document.open, window.open, window.navigate and more

Bug fixes: Fixed: Aborting analysis while executing events […]