The Acunetix team has returned from RSA Conference 2019 held once again at the Moscone Business Centre in San Francisco. This week-long conference was attended by security professionals from around the globe. Mark Schembri and Bernhard Abele from the Acunetix Support team and Daniel Sauritch and Daniel McClean Regional Sales Executives where in attendance to […]
Nicholas Sciberras on Hack Naked News
Acunetix CTO, Nicholas Sciberras, joins Paul at Hack Naked News to discuss a recent security incident which saw white hat hackers flooding VKontakte (VK) with spam on Valentine’s Day. This was part of a revenge prank against the Russian social network after the company failed to both fix and financially reward a security researcher for […]
All That You Need to Know About Man-in-the-Middle Attacks
In a man-in-the-middle (MITM) attack, a black hat hacker takes a position between two victims who are communicating with one another. In this spot, the attacker relays all communication, can listen to it, and even modify it. Imagine that Alice and Barbara talk to one another on the phone in Lojban, which is an obscure […]
GIF Buffer Content Exposed by Facebook Messenger
The saying one man’s trash is another man’s treasure applies to IT security as well. There are several types of attacks, such as buffer overflow, that rely on accessing leftover memory content. For example, this is exactly what the infamous Heartbleed bug in OpenSSL was all about. A Belarussian bug hunter Dzmitry Lukyanenka recently published […]
What is Local File Inclusion (LFI)?
An attacker can use Local File Inclusion (LFI) to trick the web application into exposing or running files on the web server. An LFI attack may lead to information disclosure, remote code execution, or even Cross-site Scripting (XSS). Typically, LFI occurs when an application uses the path to a file as input. If the application […]
How to Configure Acunetix with Kenna Security
You can integrate Acunetix with Kenna Security as a connector, out of the box. The following configuration applies to both the Kenna VM appliance and the SaaS solution. First, create a new Kenna instance. On the Home page, you can see statistics for imported vulnerability assets together with risk management data. To integrate Acunetix with […]
DAST vs SAST: A Case for Dynamic Application Security Testing
Dynamic Application Security Testing (DAST) is a black-box security testing methodology in which an application is tested from the outside. A tester using DAST examines an application when it is running and tries to hack it just like an attacker would. On the other end of the spectrum is Static Application Security Testing (SAST), which […]
Remote Code Execution Possible in Drupal
On February 19, Drupal released a security advisory PSA-2019-02-19 (further amended by PSA-2019-02-22). The advisory contains information about a critical security flaw in Drupal 8.5 and 8.6 core. This flaw, classified as CVE-2019-6340, can be used for remote code execution (code injection). An exploit for this vulnerability has been released just a day later. Blackhat […]
DOM XSS: An Explanation of DOM-based Cross-site Scripting
DOM XSS stands for Document Object Model-based Cross-site Scripting. A DOM-based XSS attack is possible if the web application writes data to the Document Object Model without proper sanitization. The attacker can manipulate this data to include XSS content on the web page, for example, malicious JavaScript code. The Document Object Model is a convention […]
New build checks for Drupal RCE, ThinkPHP RCE, vBulletin LFI and Typo3 Restler LFI
Acunetix version 12 (build 12.0.190227132 – Windows and Linux) has been released. This new build includes a good number of new vulnerability checks, including checks for the recently discovered Drupal Remote Code Execution vulnerability, another RCE in ThinkPHP, Local File Inclusion vulnerabilities in vBulletin and Typo3, Unauthorized Access vulnerabilities in FastGI and uWSGI and new […]