Acunetix 10 build includes security checks in CORS configurations, Rails web applications and identifies the vBulletin 5 RCE

Acunetix 10 (build 20151125) has been released. This new build checks for insecure DNS records, insecure CORS configurations, Rails web applications running in development mode, web applications running Tornado and Pyramid in debug mode and various new and updated vulnerability checks including one for vBulletin 5 RCE. Below is the full list of updates. New […]


PWC Global State of Information Security Survey 2016

Price Waterhouse Coopers have just published a report about cybersecurity. Not about the attacks and threats themselves, but about how businesses are tackling the risks. Titled the Global State of Information Security Survey 2016, its key findings relate to measures such as external collaboration and cybersecurity insurance. In summarising some of the main security strategies […]


Defence in depth and how it applies to web applications – Part 1

Information security generally refers to defending information from unauthorized access, use, disclosure, disruption, modification or deletion from threats. Organizations are constantly facing threats that exist both externally as well as internally — be they from nation states, political activists, corporate competitors or even disgruntled employees. Defending an organization from these threats is hard because it […]


Visit Acunetix at Security Leaders in Sao Paulo

Sunlit Technologies, the Acunetix distributor for Brazil, will be exhibiting at the 6th edition of Security Leaders in Sao Paulo on 18th and 19th November 2015, at Fecomércio / SP – Rua Doutor Plinio Barreto, 285 – Sao Paulo. About Security Leaders in Sao Paulo: Since 2010, Security Leaders and the Brazilian IT market have been following a broad discussion […]


SQLi part 6: Out-of-band SQLi

Out-of-band SQL injection is not very common, mostly because it depends on features being enabled on the database server being used by the web application. Out-of-band SQL injection occurs when an attacker is unable to use the same channel to launch the attack and gather results. Out-of-band techniques offer an attacker an alternative to inferential […]
