SSL is a fundamental piece of technology when you want to run a protected Apache site. SSL certificates permit you to scramble all the traffic sent to and from your Apache site to keep others from seeing the majority of the traffic. It utilizes open key cryptography to set up a safe connection. This implies […]
How to Schedule Future and Recurrent Scans
With Acunetix, it is not only possible to start a scan instantaneously, but you can schedule a scan for a future date and time, or schedule recurrent scans which might be helpful for periodical reporting. These can be set up as follows: After adding the target and configuring the scan settings, click on Scan. Once […]
New build facilitates scanning restricted areas and sites which use Swagger and SOAP
Acunetix version 12 (build 12.0.190206130 – Windows and Linux) has been released. This new build makes it easier to record Login Sequences which can be used to scan restricted areas, and provides support to provide Swagger and WSDL as import files to be used by the scanner. The new build includes a good number of […]
Authenticated Scans on Applications That Make Use of One-time Tokens or CAPTCHAs
One-Time Tokens add another layer of security, supplementing the username and password with a code that only the individual user has access to (for example by SMS or via a security key). A CAPTCHA has a different purpose, as it provides a test used to identify whether the user is human or an automated system. […]
Acunetix Web Application Vulnerability Report 2019
Acunetix compiles an annual web application vulnerability report. The purpose of this report is to provide security experts and interested parties with an analysis of data on vulnerabilities gathered over the previous year. The 2019 report contains the results and analysis of vulnerabilities, detected from the automated web and network perimeter scans run on the […]
Visit us at RSAC 2019
This year’s RSA Conference held between 4-8 March at the Moscone Centre, San Francisco, is centered around the theme BETTER – better solutions, brainstorming better ideas; ensuring a better and safer world, making security a top priority. At Acunetix we also have been working on presenting our own idea of “better” with the introduction of Acunetix […]
A Fresh Look On Reverse Proxy Related Attacks
In recent years, several researches have been published about attacks deliberately or directly related to reverse proxies. While implementing various reverse-proxy checks on the scanner, I started analyzing implementations of reverse proxies. Initially, I wanted to analyze how both reverse proxies and web servers parse requests, find out inconsistencies in the process between them and […]
Scanning applications that make use of Single Sign-On (SSO)
Single Sign-On (SSO) is a service which allows users to have one set of login credentials to access multiple web applications. SSO allows a user to log in once and gain access to various applications, without the need to re-enter login credentials at each application. SSO works as follows: A user requests access to an […]
Application Security Weekly: Reverse Proxies Using Weblogic, Tomcat, and Nginx
Aleksei Tiurin, Senior Security Researcher for Acunetix joins Paul’s Application Security Weekly show, for a technical segment on reverse proxies using weblogic, Tomcat, and Nginx.
How to Stop Old, Backup and Unreferenced Files from Leaking Sensitive Information
The very real threat of information disclosure by means of inadvertent exposure of sensitive files has been a constant source of woe for corporations and individuals alike. Despite having the potential for serious repercussions including legal ones, many webmasters, administrators and developers have struggled to contain this common issue for years. This article explores various […]