Last week, Larry Suto published a report entitled “Accuracy and Time Costs of Web Application Security Scanner Report”. I’ve started to investigate in detail the results from this report. And I’ve found a list of inaccuracies. Here is a direct quote from his paper: Methodology…
Get sued for Malware Distribution
It’s becoming quite clear that this is an age of increased malware and security threats. The news is becoming more and more flooded with these kinds of reports and many of them are from reputable companies that end up looking stupid because of a vulnerability…
FAQ: Can I scan a website that uses URL rewrite without specifying URL rewrite rules in Acunetix WVS?
Although it is not a suggested operation, yes, you can still scan a website which has URL rewrite enabled without specifying any URL rewrite rules in Acunetix Web Vulnerability Scanner. Unlike other scanners, Acunetix WVS will advise you once it detects that the target website…
Acunetix WVS Version 6.5 build 20100203 released
An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks, improvements and bug fixes. New security checks: 8.3 DOS filename source code disclosure Apache Tomcat Directory Host Appbase authentication bypass vulnerability Apache Tomcat WAR File directory traversal…
Malware Scanning – Customer Scenario
Malware… Yes, its been around for many years. However the attack vector has changed. Long ago the primary distribution method was by sharing dirty data (yes, exchanging floppy disks….remember those days?! Then it went onwards into distributing viruses and malware via email (this is the…
e107 CMS system website compromised
As part of my job here at Acunetix, from time to time I analyze source code looking for security problems. Using this information I adjust Acunetix WVS to detect these problems automatically (when it’s possible). Monday, I downloaded e107 from e107.org and started analyzing the…
How you get affected by Malware – Customer Story
One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we’ve written quite alot about customer-specific impacts when they are infected. The ‘results’ run the gambit of…
Security is hard
The year debuted with ‘Operation Aurora‘: Google and over 30 other companies were hit by a spear phishing attack which resulted in theft of intellectual property from Google and probably other companies. Spear phishing is a targeted form of phishing in which an e-mail message might look…
2009 Security News Update – PCI Council, Aweber, Adobe – Hacks and Cracks
Back for the last entry of 2009, here are the latest updates in the security world: Aweber announces its own incursion into its site, unnumbered amount of email addresses pilfered. AWeber was recently the victim of an intentional attack to mine email addresses. We’d like…