You can integrate Acunetix with Kenna Security as a connector, out of the box. The following configuration applies to both the Kenna VM appliance and the SaaS solution. First, create a new Kenna instance. On the Home page, you can see statistics for imported vulnerability…
DAST vs SAST: A Case for Dynamic Application Security Testing
Dynamic Application Security Testing (DAST) is a black-box security testing methodology in which an application is tested from the outside. A tester using DAST examines an application when it is running and tries to hack it just like an attacker would. On the other end…
Remote Code Execution Possible in Drupal
On February 19, Drupal released a security advisory PSA-2019-02-19 (further amended by PSA-2019-02-22). The advisory contains information about a critical security flaw in Drupal 8.5 and 8.6 core. This flaw, classified as CVE-2019-6340, can be used for remote code execution (code injection). An exploit for…
DOM XSS: An Explanation of DOM-based Cross-site Scripting
DOM XSS stands for Document Object Model-based Cross-site Scripting. A DOM-based XSS attack is possible if the web application writes data to the Document Object Model without proper sanitization. The attacker can manipulate this data to include XSS content on the web page, for example,…
New build checks for Drupal RCE, ThinkPHP RCE, vBulletin LFI and Typo3 Restler LFI
Acunetix version 12 (build 12.0.190227132 – Windows and Linux) has been released. This new build includes a good number of new vulnerability checks, including checks for the recently discovered Drupal Remote Code Execution vulnerability, another RCE in ThinkPHP, Local File Inclusion vulnerabilities in vBulletin and…
Exploiting SQL Injection: a Hands-on Example
In this series, we will be showing step-by-step examples of common attacks. We will start off with a basic SQL Injection attack directed at a web application and leading to privilege escalation to OS root. SQL Injection is one of the most dangerous vulnerabilities a…
Critical CSRF Vulnerability on Facebook
Security researcher Youssef Sammouda (Samm0uda) recently discovered a critical CSRF (Cross-site Request Forgery) security vulnerability on Facebook. This security issue could have been used to take over any Facebook user account. Samm0uda reported the bug on January 26 and Facebook fixed it just 5…
Paul’s Security Weekly Episode: Web App Scanning with Authentication
Benjamin Daniel Mussler, Senior Security Researcher at Acunetix meets with Paul at Paul’s Security Weekly to discuss how Acunetix handles authentication to broaden the scan surface and why a web vulnerability scanner should be able to log into protected areas.
Setting Up A Self-Signed TLS/SSL Certificate on Apache
SSL is a fundamental piece of technology when you want to run a secured Apache site. SSL certificates let you encrypt all the traffic sent to and from your Apache site so that others cannot read it. It utilizes open…