Acunetix version 12 (build 12.0.190325161 – Windows and Linux) has been released. This new build indicates which vulnerabilities are verified and includes vulnerability checks for RCE in Nagios XI, XSS in Cisco Identity Service Engine, Rails File Content Disclosure, Apache Solr Deserialization of untrusted data,…
Out-of-band XML External Entity (OOB-XXE)
As with many types of attacks, you can divide XML External Entity attacks (XXE attacks) into two types: in-band and out-of-band. In-band XXE attacks are more common and let the attacker receive an immediate response to the XXE payload. In the case of out-of-band XXE…
What Are XML External Entity (XXE) Attacks
An XML External Entity (XXE) attack (sometimes called an XXE injection attack) is a type of attack that abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service (DoS) as well as access…
How do I check that Acunetix crawled through the entire site?
When using Acunetix to scan for vulnerabilities, it is imperative that all locations are discoverable by DeepScan, as missing even one path will leave your application vulnerable to a potential attack. To check if Acunetix identified all the locations in your application, navigate to Scans…
RSA Conference 2019 Highlights
The Acunetix team has returned from RSA Conference 2019 held once again at the Moscone Business Centre in San Francisco. This week-long conference was attended by security professionals from around the globe. Mark Schembri and Bernhard Abele from the Acunetix Support team and Daniel Sauritch…
Nicholas Sciberras on Hack Naked News
Acunetix CTO, Nicholas Sciberras, joins Paul at Hack Naked News to discuss a recent security incident which saw white hat hackers flooding VKontakte (VK) with spam on Valentine’s Day. This was part of a revenge prank against the Russian social network after the company failed…
All about Man-in-the-Middle Attacks
In a man-in-the-middle attack (MITM), a black hat hacker takes a position between two victims who are communicating with one another. In this spot, the attacker relays all communication, can listen to it, and even modify it. Imagine that Alice and Barbara talk to one…
GIF Buffer Content Exposed by Facebook Messenger
The saying one man’s trash is another man’s treasure applies to IT security as well. There are several types of attacks, such as buffer overflow, that rely on accessing leftover memory content. For example, this is exactly what the infamous Heartbleed bug in OpenSSL was…
What is Local File Inclusion (LFI)?
An attacker can use Local File Inclusion (LFI) to trick the web application into exposing or running files on the web server. An LFI attack may lead to information disclosure, remote code execution, or even Cross-site Scripting (XSS). Typically, LFI occurs when an application uses…