What is XML External Entity (XXE)? Part 1

XML External Entity (XXE) refers to a specific type of Server-side Request Forgery (SSRF) attack, whereby an attacker is able to cause Denial of Service (DoS) and access local or remote files and services, by abusing a widely available but rarely used feature of XML parsers. XML is a widely used data format found in everything […]


Configuring HTTP Proxy Settings in Acunetix

If the target website or web application you intend to scan is only reachable via an HTTP proxy, you will need to configure Acunetix On Premise to make use of that HTTP proxy server before running the scan. You can set different proxy settings per Target in Acunetix On Premise. This is useful if different […]


VIDEO: Acunetix Login Sequence Recorder

The Acunetix Login Sequence Recorder can be used to test password-protected areas of your website automatically. In order to scan a form-based password protected area, you will need to make use of a Login Sequence during the scan. The Login Sequence can be configured from the Target settings page in the General tab using the […]


How to scan for specific vulnerabilities

If you do not need to perform a full scan, you may choose from the list of Scan Types to run against a Target. Scan Types are a logical grouping of tests that test for specific classes of vulnerabilities such as SQL injection or Cross-Site Scripting tests which you can use to reduce the scope […]


What is Email Header Injection?

It’s common practice for websites to implement contact forms which in turn send emails from a legitimate user to the intended recipient of the message. Most of the time such a contact form would set SMTP headers such as From and Reply-to to make it easy for the recipient to treat communication from the contact form […]


What is a Host Header Attack?

It is common practice for the same web server to host several websites or web applications on the same IP address. This is why the Host header exists. The Host header specifies which website or web application should process an incoming HTTP request. The web server uses the value of this header to dispatch the request […]


How to scan an HTTP Authentication restricted area

In addition to support for form authentication, which Acunetix supports via the Login Sequence Recorder, you can also scan areas of a website or web application which are restricted through the means of HTTP Authentication. HTTP Authentication, sometimes referred to as Basic Authentication, is a type of authentication that is formally defined in the HTTP […]
