Acunetix provides additional functionality for managing your scans. You may encounter a situation, where scans should not interfere with scheduled deployments or hinder the web application functionality during certain times. With that in mind, it is possible to configure excluded hours for Acunetix during which…
HTTP Security: A Security-Focused Introduction to HTTP
HTTP is a ubiquitous protocol and is one of the cornerstones of the web. If you are a newcomer to web application security, a sound knowledge of the HTTP protocol will make your life easier when interpreting findings by automated security tools, and it’s a…
Cybersecurity Trends 2019 – Web Security
The year 2019 so far has seen its share of major security and data breaches. Unsurprisingly, they were not caused by new cybercriminal techniques but by the same ones that have plagued information security for up to two decades. Social engineering and cyberattacks on web…
Data Breaches Due to Exposed Databases
The recent massive breach of sensitive Ecuador population data is yet another case, where there was no actual hack involved. The data owner, an Ecuadorian company Novaestrat, simply left an unsecured Elasticsearch database exposed on a publicly accessible server in Miami. The database contained data…
Using Logs to Investigate – SQL Injection Attack Example
A log file is an extremely valuable piece of information that is provided by a server. Almost all servers, services, and applications provide some sort of logging. A log file records events and actions that take place during the run time of a service or…
What Is IAST (Interactive Application Security Testing)
Interactive Application Security Testing (IAST) is a term for tools that combine the advantages of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). It is a generic term, so IAST tools may differ a lot in their approach to testing web application…
New build adds ability to scan for latest vulnerabilities, ad-blocking, session headers, and new vulnerability checks
Acunetix version 12 (build 12.0.190927120) has been released. This new build introduces a number of updates including ad-blocking in the scanner resulting in faster scans, support for Session HTTP headers, the ability to run scans for vulnerabilities introduced in the latest Acunetix update, and the…
What Are DNS Zone Transfers (AXFR)
DNS zone transfers using the AXFR protocol are the simplest mechanism to replicate DNS records across DNS servers. To avoid the need to edit information on multiple DNS servers, you can edit information on one server and use AXFR to copy information to other servers….
DevSecOps vs. SecDevOps
DevSecOps is a relatively new approach to continuous software development processes in agile environments. It is an extension of DevOps (Development + Operations) that includes security. The order of component terms in the DevSecOps name, however, may lead to incorrect application security approaches. That…
Global AppSec – DC by OWASP Highlights
At Acunetix we have been busy promoting our latest edition – Acunetix 360 – at various conferences, including the recently held Global AppSec – DC Conference, organized by OWASP Foundation. This comprehensive platform has been specifically designed for enterprise customers in mind. We have noted…