Why is Source Code Disclosure dangerous?

Source code often contains some form of sensitive information, whether configuration-related information (e.g. database credentials) or simply information on how the web application functions. If disclosed, such information can potentially be used by an attacker to discover logical flaws and escalate into a subsequent chain of attacks which would not be possible without […]

JBoss Ransomware Vulnerability Attacks

In recent weeks there have been multiple reports regarding a ransomware campaign, known as SamSam, targeting vulnerable JBoss (now known as WildFly) application servers. An official report released by Cisco Talos states that there have been approximately 3.2 million machines hosting the vulnerable versions of JBoss. Further investigation found that a large number of K-12 […]

What’s new in CVSS version 3

The Common Vulnerability Scoring System (CVSS) is an open standard for assessing the severity of security vulnerabilities, designed to be independent of any vendor or industry. In our previous blog post, we discussed CVSS v3 and how Acunetix provides support for it. In this post, we will be exploring CVSS […]

Acunetix WVS Input Fields

Many websites include web forms that capture visitor data, such as download forms. Acunetix Web Vulnerability Scanner can be configured to automatically submit random data or specific values to web forms during the crawl and scan stages of a security audit. By default, Acunetix Web Vulnerability Scanner uses a generic submit rule that will submit generic […]
