This is the first part in a two part series on HTTP security and HTTP basics. In this first part we bring you overview of the HTTP protocol. HTTP is a ubiquitous protocol and is one of the cornerstones of the web. If you are a newcomer to web application security, a sound knowledge of […]

Read More →

Acunetix is a multi-user system. The first account that is created is the main admin account, also referred to as the root account. This main admin account can create additional users, giving a role to each user account and configuring which Scan Targets can be scanned or reported on. More information on creating and managing […]

Read More →

When you install Acunetix v12 on the same machine as Acunetix v11, your Acunetix settings, Targets, Scan and Report data will all be retained. You will just need to install Acunetix v12 on the same machine as Acunetix v11,and your Acunetix installation will be upgraded automatically. Follow the instructions in [link to previous article] for […]

Read More →

In Acunetix version 12, the maximum number of Targets that you can configure in Acunetix is defined by your License. You can check how many Targets your license allows from the Acunetix UI > Click on your username at the top right corner, and select Profile > License section. The number of licensed Targets is […]

Read More →

There are situations where you need to crawl a site, and choose which paths to scan after crawling the site. This feature has been re-introduced in Acunetix version 12. You will first need to run a Crawl, after which you can choose which files not to scan from the Site Structure. Proceed as follows: From […]

Read More →

Acunetix v12 (build 12.0.180628131) has been released. This new build detects an unfixed WordPress file deletion vulnerability, vulnerabilities in multiple WordPress Plugins and two Joomla! Core vulnerabilities. Below is a full list of updates. New Features and Vulnerability tests New test for WordPress Arbitrary File Deletion Vulnerability described here and here (CVE-2018-12895) Added detection of […]

Read More →

Acunetix will be exhibiting at OWASP AppSec in London between the 2nd and 6th July 2018 at the Queen Elizabeth 11 Centre (QE2) The OWASP Annual AppSec EU Security Conference, is the premier application security conference for European developers and security experts. We invite all customers and partners to visit us at Stand 01 in […]

Read More →

An Acunetix scan can easily be included as part of a Jenkins Pipeline. This provides the benefit of automatically integrating the Acunetix security scan into your continuous delivery (CD) pipeline, and this can be declared as part of your project’s source code repository. Prerequisites Before you start, the Acunetix Jenkins plugin must be installed and […]

Read More →

Acunetix v12 (build 12.0.180619111) has been released. This new build introduces new vulnerability checks for WordPress, Django, multiple Spring Framework and Atlassian products. Below is a full list of updates. New Features and Vulnerability tests Spring Data Commons RCE via Spring Expression Language (SpEL) injection (CVE-2018-1273) Atlassian OAuth Plugin IconUriServlet SSRF, affecting multiple Atlassian products […]

Read More →

At ZeroNights 2017 conference, I spoke about “Deserialization vulnerabilities in various languages”. For my presentation, I used an interesting article about two serialization packages of Node.js. I showed them as examples of vulnerable implementations of deserialization processes. In this post, I’d like to show results of my own research and a new approach of attacking […]

Read More →