Recommendations for TLS/SSL Cipher Hardening

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are widely used protocols designed to secure the transfer of data between the client and the server through authentication, encryption and integrity. Contrary to common assumptions, TLS/SSL is not only a widely used technology in websites and web applications (using the HTTP protocol), but […]


Cyber Threats vs Vulnerabilities vs Risks

It’s common for terms such as cyber threats, vulnerabilities and risks to be conflated and confused. This post aims to define each term, highlight how they differ and how they are related to one another. Cyber Threats: Cyber threats, or simply threats, refer to circumstances or events with the potential to cause harm by way of […]


Cross-site Flashing (XSF) WordPress Vulnerability, Unpatched and Exploitable

WordPress, the content management system powering north of 28% of websites on the Internet, is certainly no stranger to providing timely security patches to its hundreds of millions of users when security researchers report vulnerabilities. This time, however, things took a slightly different turn — Enguerran Gillier, a security researcher, discovered and disclosed a Cross-site […]


Acunetix Security Hardening Guide

The following guide provides a series of recommendations for improving the security (“hardening”) of your Acunetix On Premise installation. 1. Update to the current version: It is recommended that you always run the latest version of Acunetix. Additionally, Acunetix periodically publishes updates, which may include fixes for known security vulnerabilities. By default, Acunetix is set […]


REST API Security Testing with Acunetix

RESTful (or simply, REST) APIs and web services are continually becoming a core part of modern web applications thanks to the simplicity, scalability and flexibility they provide. Security vulnerabilities in REST APIs expose the same risks as traditional websites and web applications; however, some characteristics of REST APIs make it challenging for automated web security scanners […]


The difference between Vulnerability Assessment and Penetration Testing

Many information security professionals are familiar with the terms “vulnerability assessment” and “penetration testing” (“pentest” for short). Unfortunately, in many cases, these two terms are incorrectly used interchangeably. This post aims to clarify the differences between vulnerability assessment and penetration testing, demonstrate that both are integral components of a well-rounded vulnerability management program, and discuss when […]


What is Black-box Security Testing?

Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside-in, with little or no prior knowledge of the application’s internal workings. Essentially, black-box testing takes an approach similar to that of a real attacker. Since black-box security testing […]


Using Client Certificates in Acunetix

In most TLS handshakes, the client authenticates the server; therefore, the client knows that the server is who it says it is, but the server doesn’t know much about the client. In most cases, this is fine — authentication via credentials is enough in many cases; however, some web applications require that the client also […]
