TLS Security 3: SSL/TLS Terminology and Basics

To understand how the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols work, you must first understand certain basic concepts. The primary mechanism used by SSL/TLS is asymmetric encryption with cipher suites. These and related terms are explained below. Encryption: Encryption is the process in which a human-readable message (plaintext) is converted into an […]

New build highlights verified vulnerabilities, checks for Nagios XI RCE, Cisco ISE XSS, Rails File Content Disclosure

Acunetix version 12 (build 12.0.190325161 – Windows and Linux) has been released. This new build indicates which vulnerabilities are verified and includes vulnerability checks for RCE in Nagios XI, XSS in Cisco Identity Service Engine, Rails File Content Disclosure, Apache Solr Deserialization of untrusted data, Next.js arbitrary file read and an update to detect XSS […]

Step by Step Configuration of Acunetix with Jenkins

Acunetix offers out-of-the-box integration with Jenkins CI. The setup procedure requires the Acunetix API key, which is available for Enterprise editions. Before proceeding any further, ensure that you have installed the latest version of Acunetix. You can download it from https://www.acunetix.com/fullver. Note that these instructions are for a Windows installation but you can easily modify […]

Out-of-band XML External Entity (OOB-XXE)

As with many types of attacks, you can divide XML External Entity attacks (XXE attacks) into two types: in-band and out-of-band. In-band XXE attacks are more common and let the attacker receive an immediate response to the XXE payload. In the case of out-of-band XXE attacks (also called blind XXE), there is no immediate response […]

What Are XML External Entity (XXE) Attacks

An XML External Entity (XXE) attack (sometimes called an XXE injection attack) is based on Server Side Request Forgery (SSRF). This type of attack abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service (DoS) as well as access local and remote content […]

RSA Conference 2019 Highlights

The Acunetix team has returned from RSA Conference 2019, held once again at the Moscone Business Centre in San Francisco. This week-long conference was attended by security professionals from around the globe. Mark Schembri and Bernhard Abele from the Acunetix Support team and Daniel Sauritch and Daniel McClean, Regional Sales Executives, were in attendance to […]
