The HTTP protocol and web servers are stateless by nature. This means that there is no way for them to track user activity. The web server treats every request as a new one. For this reason, browsers and web servers need to use session tokens. Session tokens are unique pieces of information shared between the […]

Read More →

Starting from Acunetix Version 12 (build 12.0.190325161), Acunetix marks some vulnerabilities identified during a scan as verified. Verified vulnerabilities are vulnerabilities that Acunetix has detected with 100% certainty in the web application being scanned and thus they do not need to be manually verified. Acunetix can verify vulnerabilities with or without AcuSensor, although AcuSensor does […]

Read More →

Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to a program. This input gets processed by an interpreter as part of a command or query. In turn, this alters the execution of that program. Injections are amongst the oldest and most dangerous attacks aimed […]

Read More →

Code Injection or Remote Code Execution (RCE) enables the attacker to execute malicious code as a result of an injection attack. Code Injection attacks are different than Command Injection attacks. Attacker capabilities depend on the limits of the server-side interpreter (for example, PHP, Python, and more). In some cases, an attacker may be able to […]

Read More →

If you are using Ruby to develop applications, run the latest update of Acunetix to make sure that you are safe. A very popular Rails gem bootstrap-sass was recently compromised. A malicious version of the package (3.2.0.3) was available in the official RubyGems repository for several days. This version allowed remote code execution (code injection). Suspicious […]

Read More →

Are you sure that your website is safe from Cross-site Scripting if Google Search was not for five months? On September 26, 2018, one of the developers working on the open-source Closure library (originally created by Google and used in Google Search) created a commit that removed part of input sanitization. Supposedly, this was because […]

Read More →

Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are widely used protocols. They were designed to secure the transfer of data between the client and the server through authentication, encryption, and integrity protection. TLS/SSL technology is commonly used in websites and web applications together with the HTTP protocol. It is also used […]

Read More →

This article explains the steps that you should take to migrate Acunetix On-Premise to another server while keeping the configuration and reports intact. This process applies to Microsoft Windows installations. Before you start the migration process, make sure to back up your Acunetix installation. You can find more information about how to backup Acunetix configuration […]

Read More →

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic security protocols. They are used to make sure that network communication is secure. Their main goals are to provide data integrity and communication privacy. The SSL protocol was the first protocol designed for this purpose and TLS is its successor. SSL is now considered […]

Read More →

Using Remote File Inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts. Potential consequences of a successful RFI attack range from sensitive information disclosure and Cross-site Scripting (XSS) to Remote Code Execution. Remote File Inclusion attacks usually […]

Read More →