People who are at the top of their games such as Formula One engineers, neurosurgeons, stunt pilots and so on have one thing in common: they all have finely-tuned technical skills. This is not just specific knowledge of what they do but knowledge about many…
Acunetix WVS Version 7 build 20101012 released
An updated build of Acunetix WVS Version 7 has been released. It includes two bug fixes. Bug fixes: Fixed: Client Script Analyser engine was blocking if insertAdjacentHTML used on an element without parent. Fixed: “Accept” header was not sent by the advanced penetration testing tools,…
Drive By Malware: What does my website look like to my customers?
As depicted below, you may be presenting an excellent, professional and polished image. However, as your customers are ‘browsing’ the scary stuff is happening behind your and their backs! The virus attacks their desktop, depositing its nastiness and spreading from there. This happens for all…
What does being Banned by Google mean to me?
Many customers ask me, “so what’s the big deal about this Google banning thing?”. As I try and explain Google’s algorithms, the lovely joy of begging to be allowed back into their (Google’s) good graces and the challenges of ensuring continued ‘cleanliness’, I feel sometimes…
Why all the hoopla over the Twitter onMouseOver flaw?
The recent publicity and ranting about Twitter’s onMouseOver flaw* got me thinking about our perception of software quality and expectations of risk. Why is there no room for error when Twitter makes a mistake yet we put up with so many bigger – and more…
Acunetix WVS Version 7 build 20100921 released
An updated build of Acunetix WVS Version 7 has been released. Apart from a number of improvements and bug fixes, this build will also automatically check for the latest OpenX OFC file upload and the ASP.NET Padding Oracle vulnerabilities. New Security Checks: Added a security…
Check if your application is vulnerable to ASP.NET Padding Oracle Vulnerability
Everybody’s talking about the ASP.NET Padding Oracle vulnerability released a few days ago at the ekoparty Security Conference. However, until now there wasn’t enough information on how to check whether your application is vulnerable or not. Yesterday, Duncan Smart from ASP.NET forums published some…
Why do so many people buy into "checklist" audits?
Probably my biggest pet peeve related to application security is the claim by many (typically management) that “We know we’re secure, we just had an audit”. I can’t tell you how many times I’ve seen this situation. Management will require their administrators to go down…
Directory Traversal in Axigen v7.4.1 running on Windows
Note: This article refers to an older version of Acunetix. We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7. In this…