Acunetix together with partners Winmill Software will be exhibiting at the 3rd annual New York Metro Joint Cyber Security Conference to be held on the 5th October 2016 at 11 Times Square, New York City, USA. The event is a collaborative event of leading professional associations in…
Acunetix to exhibit at Appsec USA 2016
Acunetix together with Winmill Software will be exhibiting at Appsec USA 2016 to be held on the 13th and 14th October 2016, in Washington DC, USA. OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Visitors can…
33% of websites and webapps are vulnerable to XSS
Cross-site Scripting (XSS) is a much talked-about type of injection vulnerability that occurs on the client-side (that is, in a user’s browser). It occurs predominantly through the use of JavaScript, due to its prevalence in most browsing experiences. Cross-site Scripting can be classified into four…
SQL injection slowly receding, but still a major concern
SQL injection (SQLi) is a frequent topic on this blog – it refers to an injection attack in which an attacker executes malicious SQL statements to control a web application’s database server. Since an SQL injection vulnerability could possibly affect…
Second Web App Security Report by Acunetix shows 55% of websites have severe vulnerabilities (& rising)
Vulnerabilities grow by 9% in past 12 months as companies demand faster application release cycles. London, UK – August 2016 – Acunetix, the pioneer in automated web application security software, announces its annual Web App Security Report 2016. Statistics reveal that high-severity vulnerabilities are on…
In the headlines: US Department of Energy, IBM census site, NSA cyber defense hack, Sage data breach and more
US Department of Energy invests $34m in cybersecurity: The Department of Energy in the US is set to invest $34m in 12 individual projects aimed at securing the smart grid. The projects are described as being aimed at improving the ‘reliability and resilience’ of US…
Drupal Ransomware Vulnerability Attacks – Rex
For the past few months, multiple reports have been emerging regarding ransomware primarily affecting the popular CMS Drupal. The ransomware itself has no official name, but is currently being dubbed Rex. In May 2016, it was reported that 400 Drupal installations were affected, and…
Pentest Diaries: Negative Transfers and Android eWallets don’t Mix
eWallets, or digital wallets, are becoming ever more popular. Most Android eWallets are apps that allow a user to make electronic transactions, including purchasing items online or in-person. Some services even allow an individual’s bank account to be linked to the service. Naturally, breaking the security…
Hunting for XXE in Uber using Acunetix AcuMonitor
XML External Entity (XXE) attacks involve an attacker abusing an application which parses XML. The attack occurs against an XML parser which has XML entities enabled. If you are not familiar with XML entities, you can think of them as a rarely…