There’s always a point in every IT professional’s career where he thinks he has everything figured out. We can get so caught up in our ways that we often overlook the fact that there are so many things we do on a daily basis that…
Top network security flaws you’re likely overlooking
There’s no doubt you know your network better than anyone else. The real question is, do you know whether you’ve checked for all relevant security flaws on all of your critical systems? Odds are you haven’t, but that’s okay to an extent. No one has…
What you need to know about performing authenticated network security scans
Are you scanning your network hosts for security vulnerabilities while logged in as a user? If not, you should be. Authenticated testing can add a lot of value to your overall security assessment results. You’ll find a lot more missing patches, weak share permissions, and…
AcuMonitor Could Have Detected PayPal’s Blind XSS Vulnerability
Vulnerability-Lab, a Germany-based security research company, recently identified an application-side validation web vulnerability, which allows an attacker to inject code in his user profile. The injected code gets executed when a PayPal employee loads the user’s details on PayPal’s backend system. This type of vulnerability…
WordPress Username Enumeration using HTTP Fuzzer
In many WordPress blogs, it’s possible to enumerate WordPress users using a well-known feature/bug related to author archives. This works if the following conditions are met: WordPress permalinks are enabled. By default WordPress uses web URLs which have question marks and lots of numbers in them; however, WordPress offers…
Common Platform Enumeration (CPE) Explained
When running a network scan on your perimeter server using Acunetix Vulnerability Scanner, one of the Informational alerts shown in the scan results is the CPE Inventory. The data that is collected during the scan is aggregated using the CPE standard, originally defined by MITRE,…
Acunetix Sponsors RSA Conference Asia Pacific & Japan 2014
Acunetix will be exhibiting as a Silver Sponsor at the RSA Conference in Singapore this year. The event will be held from 22nd till 23rd July at Marina Bay Sands. The conference will host a series of IT security-related workshops and conference tracks attracting industry…
Cookie Overdose
One of our customers recently reported that some parts of his site were not properly crawled by our scanner (Acunetix Web Vulnerability Scanner). Upon investigation, I found the cause of the problem. When a specific page was visited, a cookie with a random name and a large value…
Network vulnerability assessment gotchas to avoid
There’s a saying that experience is something you don’t get until just after you need it. It’s so true, especially in the context of information security and, specifically, network security testing. If you have any experience running vulnerability scans, you’ve no doubt been down that…