Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside-in, with little or no prior knowledge of the application’s internal workings. Essentially, black-box testing takes an approach similar…
Author Archives: Ian Muscat
Using Client Certificates in Acunetix
In most TLS handshakes, the client authenticates the server; therefore, the client knows that the server is who it says it is, but the server doesn’t know much about the client. In most cases, this is fine — authentication via credentials is enough in many…
How to enable Email Notifications in Acunetix On-Premises
While Acunetix provides a real-time dashboard and scan results, sometimes you may simply want to be notified when an event that requires your attention occurs, for example when a scan completes. In Acunetix On-Premises, you’ll need to configure an SMTP server that will…
Issue Tracker Integration with Acunetix
Issue trackers such as Atlassian JIRA, GitHub and Microsoft TFS are powerful and essential tools in the Software Development Life Cycle (SDLC) of almost any software project. They help development teams streamline collaboration and manage their work without getting lost in an endless…
XML External Entity (XXE) limitations
Part 2 in the series on XML External Entity (XXE) explores the limitations and workarounds. XML External Entity (XXE) is a very convenient vulnerability for an attacker to exploit; however, there are cases where obtaining certain files may be difficult. The following is one such…
Configuring HTTP Proxy Settings in Acunetix
If the target website or web application you intend to scan is only reachable via an HTTP proxy, you will need to configure Acunetix On-Premises to make use of that HTTP proxy server before running the scan. You can set different proxy settings per Target…
Acunetix Vulnerability Testing Report 2017
Each year the Acunetix Team compiles a vulnerability testing report based on data from Acunetix Online. This third Vulnerability Testing Report contains data and analysis of vulnerabilities detected by Acunetix throughout the period of March 2016 to March 2017, illustrating the state of security of…
Vulnerability Classification in Acunetix
The way most people think about vulnerabilities is usually in terms of severity — which is why Acunetix defaults to using a straightforward, color-coded ‘high’, ‘medium’, ‘low’ severity rating for the vulnerabilities it finds. However, Acunetix also provides other vulnerability classifications which may prove useful…
How to Scan for Specific Vulnerabilities
If you do not need to perform a full scan, you may choose from the list of Scan Types to run against a Target. Scan Types are a logical grouping of tests that test for specific classes of vulnerabilities such as SQL injection or Cross-Site…