Yesterday, the details of the latest vulnerability affecting SSL started emerging, and in no time, everyone started talking, or rather blogging, about POODLE. POODLE stands for Padding Oracle On Downgraded Legacy Encryption and affects the 15-year-old SSLv3, which should have been deprecated and…
Author Archives: Nicholas Sciberras
How to Configure Acunetix to Successfully Crawl WIVET
WIVET stands for Web Input Extractor Teaser, and is a web application that is designed to test the crawling capabilities of web application scanners. WIVET has been used in web application scanner reviews, such as the reputable review by Shay Chen – The Web Application Vulnerability…
ShellShock’s magnitude for potential damage – truly shocking!
48 hours since the latest in the series of BIG BUGS 2014 has made the news, and the Internet community is still struggling to assess the damage. After the initial moments of disbelief, researchers started coming to terms with the fact that Bash had a…
WordPress 4.0 “Benny” released
The long-awaited WordPress version 4.0, codenamed “Benny” in honour of jazz clarinettist and band leader Benny Goodman, has been released. While this does seem like a major release to some of us, since it includes a good amount of features easing the blog writers’…
List of checks done by Acunetix on WordPress
In a bid to ensure WordPress Security, an Acunetix web vulnerability scan is able to detect a WordPress installation, and will execute various WordPress-related checks when the popular blogging web application is identified. When WordPress is detected, Acunetix will issue the following knowledge base…
Heartbleed Used to Steal Credentials and Breach Community Health Systems
Last Monday, Community Health Systems (CHS) filed an 8-K filing with the US Securities and Exchange Commission, confirming a security breach which occurred in April and June, 2014. CHS blamed the breach on a group of Chinese hackers. The 8-K filing confirms that the hackers…
Word Press Security Revisited
Starting as just a good blogging system in 2003, Word Press has grown to be the most popular Content Management System (CMS), used in over 22% of the top 1 million web sites. It is the CMS that can be installed in less than 5…
AcuMonitor could have Detected PayPal’s Blind XSS Vulnerability
Vulnerability-Lab, a Germany-based security research company, recently identified an application-side validation web vulnerability, which allows an attacker to inject code in his user profile. The injected code gets executed when a PayPal employee loads the user’s details on PayPal’s backend system. This type of vulnerability…
Common Platform Enumeration (CPE) Explained
When running a network scan on your perimeter server using Acunetix Vulnerability Scanner, one of the Informational alerts shown in the scan results is the CPE Inventory. The data that is collected during the scan is aggregated using the CPE standard, originally defined by MITRE,…