How many users can be created in Acunetix?

Acunetix is a multi-user system. The first account that is created is the main admin account, also referred to as the root account. This main admin account can create additional users, giving a role to each user account and configuring which Scan Targets can be scanned or reported on. More information on creating and managing […]

Read More →

Will my Target settings and scan data be retained when upgrading from Acunetix v11 to Acunetix v12?

When you install Acunetix v12 on the same machine as Acunetix v11, your Acunetix settings, Targets, Scan and Report data will all be retained. You will just need to install Acunetix v12 on the same machine as Acunetix v11,and your Acunetix installation will be upgraded automatically. Follow the instructions in [link to previous article] for […]

Read More →

New build detects an unfixed WordPress file deletion vulnerability, vulnerabilities in WordPress plugins and Joomla! Core

Acunetix v12 (build 12.0.180628131) has been released. This new build detects an unfixed WordPress file deletion vulnerability, vulnerabilities in multiple WordPress Plugins and two Joomla! Core vulnerabilities. Below is a full list of updates. New Features and Vulnerability tests New test for WordPress Arbitrary File Deletion Vulnerability described here and here (CVE-2018-12895) Added detection of […]

Read More →

Visit us at OWASP AppSec EU 2018

Acunetix will be exhibiting at OWASP AppSec in London between the 2nd and 6th July 2018 at the Queen Elizabeth 11 Centre (QE2) The OWASP Annual AppSec EU Security Conference, is the premier application security conference for European developers and security experts. We invite all customers and partners to visit us at Stand 01 in […]

Read More →

New build adds detection of vulnerabilities in WordPress, Django, multiple Spring Framework and Atlassian products

Acunetix v12 (build 12.0.180619111) has been released. This new build introduces new vulnerability checks for WordPress, Django, multiple Spring Framework and Atlassian products. Below is a full list of updates. New Features and Vulnerability tests Spring Data Commons RCE via Spring Expression Language (SpEL) injection (CVE-2018-1273) Atlassian OAuth Plugin IconUriServlet SSRF, affecting multiple Atlassian products […]

Read More →

Deserialization Vulnerabilities: Attacking Deserialization in JS

At ZeroNights 2017 conference, I spoke about “Deserialization vulnerabilities in various languages”. For my presentation, I used an interesting article about two serialization packages of Node.js. I showed them as examples of vulnerable implementations of deserialization processes. In this post, I’d like to show results of my own research and a new approach of attacking […]

Read More →