Vulnerability scanners are not that different from virus scanners. In both cases, the goal of the software is to find something out of the ordinary in the target. A virus scanner scans local resources and local storage of a computer to find potentially malicious software….
Author Archives Tomasz Andrzej Nidecki
THE AUTHOR
Tomasz Andrzej Nidecki
Technical Content Writer
Technical Content Writer
How To Benchmark a Web Vulnerability Scanner?
You’ve made the right decision to improve your web application security stance and perform regular web application scanning. However, there are several renowned web vulnerability scanners on the market and you have to choose one. How do you do that? As a first step, you…
DevSecOps with Acunetix – The Human Factor
The old-school DevOps model, where the security team works in a silo, separated from agile development teams, introduces a lot of tensions. With such an organization, developers often perceive security analysts as the “bad cops” who make their life difficult. On the other hand, security…
5 Reasons Why Web Security Is Important to Avoid Ransomware
In the world of IT security in general, 2020 so far could be called the year of ransomware. The news is full of reports of new ransomware attacks and based on the trends so far, we can expect the situation to keep getting worse. Many…
Would the Real IAST Please Stand Up?
Opinion: The term Interactive Application Security Testing (IAST) is probably the vaguest in the world of application security testing. Any tool that extends beyond the traditional DAST or SAST model may use it – and many do. However, I feel that only AcuSensor truly deserves…
What Is the R.U.D.Y. Attack
R.U.D.Y. (R-U-Dead Yet) is a denial-of-service attack tool. Unlike most DoS and DDoS attack tools, the R.U.D.Y. attack tool uses Layer 7 (it is an application layer attack). The attack technique of the R.U.D.Y. tool is very similar to the Slowloris attack. It uses slow…
Web Application Security Testing in an Agile Software Development Life Cycle – A Technical Case Study
We’ve teamed up with Acme Corporation (name changed for privacy and security reasons) to bring you a very detailed look at how a medium-sized business managed to successfully include web security testing in their SDLC processes. Before introducing Acunetix, Acme had major problems with web…
What Top Web Attacks Can We Expect in the New OWASP Top 10?
The latest edition of the Open Web Application Security Project Top Ten was released in 2017, four years after the previous one. Therefore, we can expect that the new version of this cybersecurity report will be out sometime next year. Let us have a look…
SAST Teaches How to Go Around Problems, Not Fix Them
Opinion: SAST tools have one advantage – they point the developer to the root cause of the problem. However, this is also a major disadvantage. They don’t teach the developer about the consequences. They don’t teach the developer how to avoid making mistakes. As a…