Chunghwa Telecom secures over 100 websites with Acunetix

Chunghwa Telecom, Taiwan’s largest integrated telecommunications services company, with over 12,000 employees and 100 websites, has been using Acunetix since 2009 to protect both their internal critical websites and customer systems. After analysing both HP WebInspect and IBM AppScan, Chunghwa Telecom found Acunetix to be best suited for their application scenario, both in terms of […]

Acunetix Vulnerability Testing Report 2017

Each year the Acunetix Team compiles a report based on data from Acunetix Online. This third Vulnerability Testing Report contains data and analysis of vulnerabilities detected by Acunetix throughout the period of March 2016 to March 2017, illustrating the state of security of web applications and network perimeters. With Cross-site Scripting (XSS) vulnerabilities found on […]

Simple to use security scan in the cloud – Video

Security breaches are the most common issues that company IT departments in all sectors look out for. Companies are taking extensive measures to address threats and create value by running their software in the cloud (63% according to a 2016 PwC report). Performing a regular security scan of a company’s website and perimeter network assets […]

Vulnerability Classification in Acunetix

Most people think about vulnerabilities in terms of severity — which is why Acunetix defaults to using a straightforward, color-coded ‘high’, ‘medium’, ‘low’ severity rating for the vulnerabilities it finds. However, Acunetix also provides other vulnerability classifications which may prove useful in situations where additional vulnerability classification information is required. The […]

Major Update of Acunetix Online out now!

Acunetix Online has undergone a mammoth update, now enjoying all the features and benefits found in Acunetix On Premise, including integrated vulnerability management, greater manageability of threats and targets, and the integration of popular WAFs and issue tracking systems. Acunetix Online also features a brand new UI for greater ease-of-use and manageability. New web-based user […]

What is Email Header Injection?

It’s common practice for websites to implement contact forms which in turn send a legitimate user’s message by email to an intended recipient. Most of the time such a contact form would set SMTP headers such as From and Reply-To to make it easy for the recipient to treat communication from the contact form […]

What is Code Injection?

Code Injection, or Remote Code Execution (RCE), refers to an attack wherein an attacker is able to execute malicious code as a result of an injection attack. Code Injection differs from Command Injection since an attacker is confined to the limitations of the language executing the injected code. While it’s possible for an attacker […]

What is Local File Inclusion (LFI)?

Local File Inclusion (LFI), or simply File Inclusion, refers to an inclusion attack through which an attacker can trick the web application into including files on the web server by exploiting functionality that dynamically includes local files or scripts. The consequences of a successful LFI attack include Directory Traversal and Information Disclosure as well as […]

What is Remote File Inclusion (RFI)?

Remote File Inclusion (RFI) refers to an inclusion attack wherein an attacker can cause the web application to include a remote file by exploiting a web application that dynamically includes external files or scripts. The consequences of a successful RFI attack range from Information Disclosure and Cross-site Scripting (XSS) to Remote Code Execution. Remote File Inclusion […]
