What is the cost of a data breach?

If your company isn’t taking important steps to protect against a potential data breach, it might be time to worry – attacks on businesses and organizations are increasing, and so are their costs. According to a new study by the Ponemon Institute, an average cost of a “regular” breach ranges from $2.2 million to $6.9 […]

Read More →

A Security-focused Introduction to HTTP, Part 2

This is the second part of a two part series on HTTP basics. In this second part, we cover several attributes of the HTTP protocol such as encoding, HTTP headers and authentication in more detail. Query strings The query string is defined using the question mark (?) character after the URL within an HTTP request. […]

Read More →

Deserialization Vulnerabilities: Attacking Deserialization in JS

At ZeroNights 2017 conference, I spoke about “Deserialization vulnerabilities in various languages”. For my presentation, I used an interesting article about two serialization packages of Node.js. I showed them as examples of vulnerable implementations of deserialization processes. In this post, I’d like to show results of my own research and a new approach of attacking […]

Read More →

What’s new in Acunetix v12

Hot on the release of Acunetix v12, check out what’s NEW in this brief presentation highlighting: Scan speed of up to 2X faster Support for latest JavaScript technologies (ES7) New AcuSensor for Java web applications Pause and Resume scan functionality Exclusion of specific paths in the site’s structure directly from the UI Inclusion of Password […]

Read More →

Virginia scanning program (VITA) uses Acunetix to slash vulnerabilities in web apps

The Virginia Information Technologies Agency (VITA) announced that it cut the number of high-risk vulnerabilities affecting its web applications by 30 percent in one year by implementing a vulnerability-scanning program that includes the use of Acunetix. VITA’s Web Application Vulnerability Scanning Program, implemented in 2016, uses Acunetix to check more than 1,600 public-facing web applications […]

Read More →

Recommendations for TLS/SSL Cipher Hardening

Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL) are widely used protocols designed secure the transfer of data between the client and the server through authentication, encryption and integrity. Contrary to common assumptions TLS/SSL is a not only a widely used technology in websites and web applications (using the HTTP protocol), but […]

Read More →