How to Stop Old, Backup and Unreferenced Files from Leaking Sensitive Information

The very real threat of information disclosure by means of inadvertent exposure of sensitive files has been a constant source of woe for corporations and individuals alike. Despite having the potential for serious repercussions including legal ones, many webmasters, administrators and developers have struggled to contain this common issue for years. This article explores various […]

How to Verify a Cross-site Scripting Vulnerability

Analyzing web application vulnerabilities discovered by an automated scanner such as Acunetix often requires us to investigate further. This is in order to: Verify the vulnerability exists in the context of the application. Adjust the vulnerability payload reported by the scanner to something more invasive (i.e. keylogger) in order to make the severity of the […]

Aleksei Tiurin Speaker at the OWASP Malta Chapter Meeting

Aleksei “GreenDog” Tiurin, Senior Security Researcher at Acunetix, was one of the speakers at this year’s OWASP Malta Chapter meeting, held on Wednesday 19th December 2018. His lecture, entitled “Reverse Proxies & Inconsistency”, looked at the general processes and intricacies of proxy operations, while demonstrating examples of bypassing restrictions, expanding access to a web application, and […]

Happy Holidays from the Acunetix Team

May we take this opportunity to wish all our customers, partners and friends all the very best for 2019! At Acunetix, Christmas is a special time for all departments to get together and enjoy a festive meal. Meanwhile, the Development Team have kept up their yearly tradition of hosting “Xmas at the Devs”, a chance for […]

New build checks for vulnerabilities in Apache products, Coldfusion, ACME mini_httpd and Spring Security

Acunetix version 12 (build 12.0.181218140 – Windows and Linux) has been released. This new build checks for vulnerabilities in Apache Solr, Apache mod_jk, Coldfusion, ACME mini_httpd and Spring Security. The new build also includes a number of updates and important fixes. The new vulnerability checks, updates and fixes are available for both Windows and Linux. New […]

Why Scoping Cookies to Parent Domains is a Bad Idea

When dealing with Web Application vulnerability assessments, it is very common to come across scenarios where for various reasons (business or otherwise) users decide to focus entirely on Medium or High severity vulnerabilities such as SQL Injection and XML External Entity Injection. As a result, developers and security professionals tend to ignore what are normally […]

What is Web Cache Poisoning?

How does Caching work? All forms of caching in computer science, whether it be CPU cache, HTTP web server cache, database cache and so on, aim to speed up response times for whatever is requested. Doing so helps reduce load as much as possible on the component that is being actively cached. Because of this […]
