The HTTP Editor is one of the most flexible and widely used tools in the Acunetix Manual Tools suite (available to download for free). The HTTP Editor allows you to create, analyze, and edit client HTTP requests, as well as inspect server responses. It also…
Author Archives: Ian Muscat
How do I install the Acunetix Root Certificate on another computer?
Acunetix transfers all its data over TLS/SSL between the browser and the server. Therefore, Acunetix makes use of a certificate authority that is unique to each installation and generated during installation. In order to access Acunetix from another computer, after setting it up using this…
How do I configure scan speed in Acunetix?
Being able to scan a website or web application quickly is certainly important; however, a fast scan isn’t always the desired outcome. There are cases where you might be scanning a web application on a web server with very limited resources (especially when scanning web…
How do I use Acunetix on a host other than localhost?
By default, Acunetix (on-premises) will install and configure itself to run on localhost, port 3443. This configuration is suitable if you are using Acunetix on your own; however, you will need to adjust this default configuration if you intend to use Acunetix organization-wide. Fortunately, it’s…
Why do I get a Security Warning in Firefox when I use Acunetix?
If you are a Firefox user, you might have seen TLS/SSL warnings when trying to access the Acunetix On-Premises web console from Firefox. This occurs because Firefox does not recognize the self-signed Acunetix root certificate authority created upon installation. It’s important to note that Firefox,…
33% of websites and webapps are vulnerable to XSS
Cross-site Scripting (XSS) is a much talked-about type of injection vulnerability that occurs on the client side (that is, in a user’s browser). It occurs predominantly through the use of JavaScript, owing to its prevalence in most browsing experiences. Cross-site Scripting can be classified into four…
SQL injection slowly receding, but still a major concern
SQL injection (SQLi) is a frequent topic on this blog – it refers to an injection attack that allows an attacker to execute malicious SQL statements, giving the attacker control over a web application’s database server. Since an SQL injection vulnerability could possibly affect…
Hunting for XXE in Uber using Acunetix AcuMonitor
XML External Entity (XXE) vulnerabilities are attacks in which an attacker abuses an application that parses XML. The attack targets an XML parser that has XML entities enabled. If you are not familiar with XML entities, you can think of them as a rarely…
How to set up HTTP Authentication (Basic) with Nginx on Ubuntu 16.04
Restricting portions of a web application or directories on a web server to a small group of trusted users can greatly improve the security of a website or web application. Most web applications provide their own form-based methods for authentication; however, we can also make…