VIDEO: Meeting PCI DSS requirements with Acunetix

Unlike web application firewalls, Acunetix Web Vulnerability Scanner focuses on fixing web security problems, rather than preventing them from happening. Acunetix WVS helps in detecting cross-site scripting, SQL injection and other web vulnerabilities before the web application is exposed on the internet, during its development cycle. When implementing a web application firewall, only PCI […]


OpenX 2.6.4 vulnerabilities were identified with Acusensor

If you are making use of OpenX, the following update fixes a number of security flaws that were identified when we made use of Acunetix WVS with the Acusensor technology enabled. Released an advisory detailing these vulnerabilities here. The SQL injection vulnerabilities abuse an INSERT statement and therefore an attacker, or normal web application scanner […]


A quick security analysis of Facebook’s Album Privacy

Most social networking sites have privacy options which allow users to share photo albums with selected people or groups. Such features encourage end users to upload possibly compromising photos, for example photos of last night’s party. The idea is that it is acceptable to share certain photos with your friends, but not with your future […]


Drupal Local File Inclusion Vulnerability

I was testing our scanner (with AcuSensor enabled) on Drupal (http://www.drupal.org) and the scanner found a possible File Inclusion vulnerability. As you can see from the screenshot above, the GET variable q was set to start/../../xxx….end and it got partially sanitized. It reached the include function as /themes/garland/page-start-..-..-xxx….end.tpl.php. All the slashes were replaced with “-”. […]


Acunetix Web Vulnerability Scanner Voted WindowSecurity.com Readers’ Choice Award Winner for the Second Time

Acunetix WVS Singled Out by Network Security Administrators and Specialists

London, UK – 26 February 2009 – Leading Windows Security resource site, WindowSecurity.com, announced today that Acunetix Web Vulnerability Scanner was selected the winner in the Web Application Security category of the WindowSecurity.com Readers’ Choice Awards. “Our Readers’ Choice Awards give visitors to our site the […]


AcuSensor and the pink blog

While testing our AcuSensor technology, I downloaded a small PHP blog application from the internet. The installation went smoothly. This particular application was not using a database but it was storing everything in text files. I added a sample blog post and I was ready to start the scan. The application looked like this before […]
