Creating custom vulnerability checks for Acunetix WVS

Vulnerability checks in Acunetix Web Vulnerability Scanner consist of two files: *.script – The actual vulnerability check, written in JavaScript. Such scripts are stored in the <C:\ProgramData\Acunetix WVS x\Data\Scripts> directory. *.xml – This file contains all the documentation related to the vulnerability, such as vulnerability details, remediation, severity level and other details. These XML […]

FAQ: Is it possible to crawl a site manually?

It is possible to manually crawl your website with Acunetix WVS using a web browser. Using the resultant — and manually crawled — links, it is then possible to build a website structure that will be targeted during the security scan.  This is useful for scanning specific web applications that cannot be automatically crawled due […]

Should I scan a website through a web application firewall?

Unfortunately, security scans are frequently launched against a website or web application sitting behind a web application firewall, or some other kind of web security gateway device. A website audit performed through a “man in the middle” device or software will only give a false sense of security. First and most importantly of […]

New Acunetix WVS V6.5 build; better support for CAPTCHA and modern authentication mechanisms

With the release of the latest Acunetix WVS Version 6.5 build, 20090728 (https://www.acunetix.com/support/build-history.htm), we announce that Acunetix WVS has better support for web applications with CAPTCHA, single sign-on and two-factor authentication mechanisms. Thanks to the new ‘Manual Intervention’ module, IT security professionals can now save valuable time when securing web applications, since much less manual […]

VIDEO: Meeting PCI DSS requirements with Acunetix

Unlike web application firewalls, Acunetix Web Vulnerability Scanner focuses on fixing web security problems, rather than preventing them from happening. Acunetix WVS helps in detecting cross-site scripting, SQL injections and other web vulnerabilities before the web application is exposed on the internet, during its development cycle. When implementing a web application firewall, only PCI […]

OpenX 2.6.4 vulnerabilities were identified with AcuSensor

If you are making use of OpenX, the following update fixes a number of security flaws that were identified when we made use of Acunetix WVS with the AcuSensor technology enabled. We released an advisory detailing these vulnerabilities here. The SQL injection vulnerabilities abuse an INSERT statement and therefore an attacker, or normal web application scanner […]

A quick security analysis of Facebook’s Album Privacy

Most social networking sites have privacy options which allow users to share photo albums with selected people or groups. Such features encourage end users to upload possibly compromising photos, for example photos of last night’s party. The idea is that it is acceptable to share certain photos with your friends, but not with your future […]
