Juice Shop is an intentionally vulnerable web application developed by OWASP for educational purposes. We will go through the steps of deploying this web application and we will run a scan on it using Acunetix as a DAST (black box) tool. The OWASP Juice Shop…
Debunking 5 Cybersecurity Posture Myths
Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to…
What is Remote File Inclusion (RFI)?
Using remote file inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts. Potential web security consequences of a successful RFI attack range from sensitive information disclosure and…
How to Convert a Selenium Login Script into a Login Sequence File
Selenium is a tool that allows you to automate browser actions. It is often used by QA engineers to automatically and efficiently test the functionality of web applications. You can create Selenium scripts that examine specific functionality of a web application, ensuring that it produces…
Scanning the DVWA Application with Acunetix
DVWA is an intentionally vulnerable web application that you can install on your server to test vulnerability scanners or to practice penetration testing. You may want to use DVWA to test the capabilities of the Acunetix vulnerability scanner and compare it to similar tools. This…
New update introduces support for Swagger 2.0, quarterly scheduled scans, and new vulnerability checks for F5 BigIP iRule, .NET, Oracle E-Business Suite, and others
Acunetix Version 13 build 13.0.200326097 for Windows and Linux has been released. This new build introduces support for Swagger 2.0 and quarterly scheduled scans. In addition, proof of exploit has been implemented for blind SQL Injection vulnerabilities, the scanning engine will now stop and report…
How to Defend against Black Hat Hackers during the COVID-19 Pandemic
The SARS-CoV-2 coronavirus outbreak and the COVID-19 illness are instrumental for cybercriminals. Both businesses and private users are a major cyberattack target due to chaos and panic that surrounds the coronavirus pandemic. Here is what we believe that organizations should do to maintain a high…
What Are Insecure Direct Object References
Insecure direct object references (IDOR) are a cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks. For example, an IDOR vulnerability would happen if the…
What Are Import Files and How Do They Help to Scan
An Acunetix crawl can be pre-seeded using various techniques. Pre-seeding an Acunetix crawl with such data gives the Acunetix crawler a head start when scanning a target, while ensuring that the requests already captured using other tools are not missed by the Acunetix crawler. This…
Acunetix Is Offering Complimentary Licenses to Agencies Fighting COVID-19
The COVID-19 outbreak has created unprecedented issues across the globe especially for those organizations tasked to respond to the crisis. Unfortunately, in the time of a global pandemic, there are more people trying to take advantage of those who are most vulnerable. There have already…