Increasingly sophisticated cyberattacks against federal agencies highlight the urgent need to enhance federal cybersecurity. To help with this, CISA has published the Zero Trust Maturity Model to assist agencies in implementing zero trust architecture (ZTA) – and modern AppSec solutions are a crucial part of…
Acunetix introduces support for Brotli encoding, IAST support for new Node.js frameworks, and many new vulnerability checks
A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.5.211008143. This Acunetix release introduces support for the Brotli encoding and URL optional fields. The Node.js IAST AcuSensor has been updated to support numerous frameworks and the JAVA IAST AcuSensor can now…
Stop compromising on web application security
Modern web applications are often in continuous development in highly automated workflows, so keeping them secure requires equally automated AppSec solutions. When you add to this a highly dynamic threat environment, manual security processes cannot hope to keep up. This post presents highlights from an…
Paul’s Security Weekly: Securing iframes using the sandbox attribute
Our Senior Security Researcher, Benjamin Daniel Mussler, has been invited to the Security Weekly podcast to talk about the security of iframes and, in particular, how to secure iframes using the sandbox attribute. Benjamin first talked about how traditional framesets have become completely obsolete but…
Integrating Acunetix with GitHub for CI/CD
You can integrate your Acunetix Premium account with GitHub for issue management and for CI/CD purposes. This article shows how to configure your GitHub account and how to integrate with it in Acunetix Premium for CI/CD. If you want to know how to integrate with…
Debunking 5 cybersecurity posture myths
Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young information security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to work…
Web vulnerability classes in the context of information security certifications
For certifications such as CISSP, CISA, Security+, CASP+, or CySA+, web vulnerability classes make up only a small part of the knowledge required to pass the exam. For instance, the CISSP exam evaluates the student’s expertise in eight domains, and even advanced knowledge of subjects…
To build DevSecOps, you need both modern tools and cultural changes
The ATARC webinar and panel discussion Organized under the title “Shifting Security Left with DevSecOps,” the joint webinar brought together industry and government experts to talk about the everyday realities of application security efforts in government agencies and the latest tools available to support them….
OWASP Top 10 2021 – what’s new, what’s changed
The 2021 edition of the OWASP Top 10 is finally out*! Let’s have a look at what OWASP introduced/changed in their industry-standard checklist for web application security and let’s compare it with our predictions from last year for the OWASP Top 10 2021. Last but…