White Papers on Web Security

  • An Introduction to Web-shells
    Acunetix, July 2016 – A web-shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application. In this White Paper, we look at common functions used to execute shell commands in PHP, possible tricks attackers can use to keep web shells under-the-radar, and tips on detection and prevention.
  • Top tips to secure your Drupal Application
    Acunetix, February 2016 – Drupal is a very popular Content Management System (CMS) on the Internet today. Drupal sites, especially ones running older versions of the CMS or its modules, are a ripe target for attackers. In this White Paper, we detail a few measures which can be taken to address the basic security holes or malpractices that are commonly present in thousands of Drupal sites.
  • Top tips to secure your Joomla! Application
    Acunetix, February 2016 – Joomla! sites, especially ones running older versions of the CMS or its modules, are a ripe target for attackers. In this White Paper, we detail a few measures which can be taken to address the basic security holes or malpractices that are commonly present in thousands of Joomla! web applications.
  • Defence in depth and how it applies to web applications
    Acunetix, January 2016 – Defence in depth is a principle of adding security in layers in order to increase the security posture of a system as a whole. In other words, if an attack causes one security mechanism to fail, the other measures in place step in to further deter and even prevent an attack.
  • Top tips to secure your WordPress Application
    Acunetix, February 2015 – WordPress sites are notoriously lacking when it comes to security, be it due to insufficient security expertise on the part of the developer or the use of one of the many plugins available (whose security cannot be guaranteed). This White Paper gives top tips on how to keep the WordPress application secure.
  • HIPAA – Why you need to keep patient information secure
    Acunetix, December 2014 – If you’re a healthcare entity in the United States, then you’ll certainly be familiar with HIPAA. This White Paper deals with the most important aspects for healthcare providers, insurers and other health-related entities: keeping patient information secure and knowing when, how much and with whom the information can be shared.
  • A Complete Guide to Securing your Website
    Acunetix, January 2010 – In this white paper we explain in detail how to do a complete website security audit and focus on using the right approach and tools. We describe the whole process of securing a website in an easy-to-read, step-by-step format, from what needs to be done prior to launching an automated website vulnerability scan up to the manual penetration testing phase.
  • PCI Compliance – Securing Both Merchant and Customer Data
    Acunetix, November 2014 – This white paper details the Payment Card Industry (PCI) compliance standard and the security threats which brought about the need to standardize the protection of customer credit card data.
  • Why File Upload Forms are a Major Security Threat
    Acunetix, May 2009 – This white paper shows how and why the widely used file upload forms are a major security threat. It also gives some recommendations on how to securely code such file upload forms, and how these can be checked for vulnerabilities with Acunetix web vulnerability scanner.
  • Finding the Right Web Application Scanner; Why Black Box Scanning is not Enough
    Acunetix, September 2008 – This white paper shows how Acunetix AcuSensor Technology increases accuracy by combining black box scanning techniques with feedback from sensors placed inside the source code while the source code is executed.
  • Web Services – The Technology and its Security Concerns
    Acunetix, October 2007 – This white paper examines the technology behind Web Services, how the system is made available to the user, and the way connections are made to back-end (and therefore sensitive) data. These different elements come together to make Web Services a portal for users to access data, but also provide different entry points which may be exploited for illegitimate purposes.
  • The Payment Card Industry Compliance – Securing Both Merchants and Customer Data
    Acunetix, May 2007 – This white paper explains the Payment Card Industry Compliance standard in real detail, and the security threats which brought about the need to standardize the data protection of both merchants and customers.
  • Are AJAX Applications Vulnerable to Hack Attacks? The Importance of Securing AJAX Web Applications
    Acunetix, March 2007 – This paper reviews AJAX technologies with specific reference to JavaScript and Ajax Security. It briefly documents the kinds of vulnerability classes that should raise security concerns among developers, website owners and the respective visitors. It also proposes solutions such as auditing AJAX and JavaScript based applications with a web vulnerability scanner that executes the code.
  • Auditing your Website Security with Acunetix Web Vulnerability Scanner
    Acunetix, February 2007 – This tutorial paper describes how to use Acunetix WVS to scan your website and other web applications. It explains all the Acunetix WVS wizard options in detail and also explains how to analyze the scan results, how to generate reports with the Acunetix WVS Reporter and more.
  • PHP and SQL Security
    Andrew J. Bennieston, February 2007 – This white paper by Andrew J. Bennieston looks at some of the issues that should be considered every time a PHP script is written. Problems such as SQL Injection, Directory Traversal and more can be eliminated entirely with well-designed code.