Featured Article

Acunetix WVS v9.5 build 20140902 detects Hibernate Query Injection, Format Strings and more

September 02, 2014 - 11:30am

Acunetix Web Vulnerability Scanner version 9.5 build 20140902 has been updated to include new vulnerability checks, including detection of Hibernate Query Injection, format string vulnerabilities, MySQL username disclosure and others, including some in well-known web applications. This new build also ...


Misleading Reports of 0-Day in Acunetix WVS

Reports of a 0day vulnerability in Acunetix Web Vulnerability Scanner turn out to affect only an old version from 2012 which was subsequently fixed. A blog post has recently come to our attention that claims a successful attack against Acunetix …

Danger: Open Ports – Trojan is as Trojan does

Open ports are the doorways to your secure perimeter. Behind open ports, there are applications and services listening for inbound packets, waiting for connections from the outside, in order to perform their jobs. Security best practices imply the use of …

Ways to Keep your Developers Interested in Web Security

Working in IT over the past couple of decades I’ve witnessed the good, the bad, and the downright ridiculous when it comes to the way software developers are treated by management. Seeing what I’ve seen, and having been in those …

Acunetix Web Vulnerability Scanner v9, build 20131216 includes a new PCI 3.0 compliance report and several new tests

Scanning for Heartbleed using Acunetix

Soon after the Heartbleed bug was made public, Acunetix released an update to detect the vulnerability in websites and web applications. The script that detects this is called Heartbleed_Bug.script, and is included in the following Scanning Profiles: Default High_Risk_Alerts The …

Identify the Heartbleed Bug with Acunetix Vulnerability Scanner

The Aftermath of the Heartbleed Bug

The Heartbleed bug, a security flaw in the popular OpenSSL library used for data encryption, has taken the web security world by storm, and the victim toll has started to rise. The first reported victims include the Canada Revenue Agency …

Creating Custom Checks in Acunetix Web Vulnerability Scanner

Although Acunetix Web Vulnerability Scanner (WVS) includes most of the checks that you may require to perform a comprehensive scan of your site, there might be situations where you need to create checks for something which is specific to your …

Elaborate Ways to Exploit XSS: XSS Proxies

In his book “Web Application Vulnerabilities: Detect, Exploit, Prevent”, Steve Palmer describes XSS Proxies as cross-site scripting exploitation tools that allow attackers to temporarily take control over the victim’s browser. XSS Proxy functions as a web server which takes commands …

CSRF and XSS – Brothers in Arms

What is CSRF (XSRF)? Cross-Site Request Forgery is a type of web attack which exploits the trust of a website in the user’s browser. In essence, the attacker manipulates the victim’s browser to send requests in the user’s name to …

Latest Acunetix release scans for Heartbleed Bug

Yesterday, an update was released for Acunetix Vulnerability Scanner which includes a test for a critical OpenSSL vulnerability named The Heartbleed Bug (CVE-2014-0160). Quote from the report: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. …

Elaborate Ways to Exploit XSS: Flash Parameter Injection

Common cross-site scripting (XSS) attacks rely on the injection of malicious code (usually JavaScript) in HTML pages, HTML headers or page DOM. There are, however, ways of injecting malicious code in less likely, very popular and innocent-looking places, such as …