Security breaches are the most common issues that company IT departments in all sectors look out for. Companies are taking extensive measures to address threats and create value by running their software in the cloud (63% according to a 2016 PWC report). Performing a regular security scan of a company’s website and perimeter network assets […]
Acunetix Online is a multi-user system. The first account that is created is the main admin account, also referred to as the root account. This main admin account can create additional users, giving a role to each user account and configuring which Scan Targets can be scanned or reported on. More information on creating and […]
The way most people think about vulnerabilities is usually in terms of severity — which is why Acunetix defaults to using a straight-forward, color-coded ‘high’, ‘medium’, ‘low’ severity rating for the vulnerabilities it finds. However, Acunetix also provides other vulnerability classifications which may prove useful in situations where additional vulnerability classification information is required. The […]
The scan results of a web scan includes the Site Structure identified and scanned by Acunetix. This can be accessed from the Scan Results page > Site Structure tab. Click on the folder icons to expand the site structure. Acunetix will show the vulnerabilities identified on the file or folder selected.
Server Side Request Forgery (SSRF) refers to an attack where in an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network. Additionally, it’s also possible for an attacker to leverage […]
If you do not need to perform a full scan, you may choose from the list of Scan Types to run against a Target. Scan Types are a logical grouping of tests that test for specific classes of vulnerabilities such as SQL injection or Cross-Site Scripting tests which you can use to reduce the scope […]
Acunetix Online has undergone a mammoth update, now enjoying all the features and benefits found in Acunetix On Premise, including: Integrated vulnerability management, greater manageability of threats and targets and the integration of popular WAFs and Issue Tracking systems. Acunetix Online also features a brand new UI for greater ease-of-use and manageability. New web-based user […]
SQL injection (SQLi) refers to an injection attack wherein an attacker can execute arbitrary SQL statements by tricking a web application in processing an attacker’s input as part of an SQL statement. This post will focus on how to prevent SQL injection vulnerabilities within PHP applications and fix them. This post assumes you have a […]
It’s common practice for websites to implement contact forms which in-turn send emails to an intended recipient of the message by a legitimate user. Most of the time such a contact form would set SMTP headers such as From and Reply-to to make it easy for the recipient to treat communication from the contact form […]
Acunetix includes an API which can be used to integrate Acunetix with other applications. The API allows the creation and scanning of Targets,retrieve scan results and generate Acunetix reports. Contact us to get more information, and for a copy of the Acunetix API documentation. View all the Acunetix FAQs here.