The POODLE attack (Padding Oracle on Downgraded Legacy Encryption) exploits a vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability lets an attacker eavesdrop on communication encrypted using SSLv3. The vulnerability is no longer present in the Transport Layer Security protocol (TLS), which is the…
Scanning an Application in Docker Using AcuSensor for Java
The following article shows you how you can run a Java application in a Docker container and then use AcuSensor to run an interactive application security testing (IAST) scan for that application. Step 1: Prepare an Example Application Using Eclipse IDE Go to the menu…
Why Is Directory Listing Dangerous?
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. It is dangerous to leave this function turned on for the web server because it leads to information disclosure. For example, when…
What Is the BEAST Attack
BEAST stands for Browser Exploit Against SSL/TLS. It is an attack against network vulnerabilities in TLS 1.0 and older SSL protocols. The attack was first performed in 2011 by security researchers Thai Duong and Juliano Rizzo but the theoretical vulnerability was discovered in 2002 by…
What Are Google Hacks?
The terms Google hacking, Google hacks, or Google dorking refer to attacks that use Google or another search engine to find vulnerable web servers and websites. Google hacking is based on inventing specific search queries, often using wildcards and advanced search operators (such as intitle,…
How to Use the Acunetix Business Logic Recorder
The Business Logic Recorder is a new and unique Acunetix feature that lets you test more web applications without extensive manual work or additional non-automated tools. Most automated web vulnerability scanners do not have any mechanisms that let you test applications with complex business logic….
Acunetix update introduces Business Logic Recorder, CVSS 3.1 scoring, and support for Citrix WAF and the Azure DevOps Services issue tracker
Acunetix Version 13 build 13.0.200508159 for Windows and Linux has been released. This new build introduces the Business Logic Recorder, which allows the user to record logic implemented in multi-step web forms. The Acunetix scanner will go through the multi-step form and will be able…
Even the Mightiest Fall: An SQL Injection in Sophos XG Firewall
Do you really think you are safe from web vulnerabilities or that they are just minor problems? A few days ago Sophos, one of the world’s most renowned security companies, found an SQL Injection in their product. What is worse, they found the vulnerability because…
Acunetix Partners with Prianto Global on Distribution Contract
Austin, Texas, April 29, 2020 — Acunetix, the pioneer in automated web application security software, announced today that it has partnered with Prianto Global. Partners will have the opportunity to sign up with Prianto as an Acunetix reseller, providing them with the opportunity to enjoy…