Whitepapers on Web Security

enterprises-are-losing-the-war-banner

Web Application Security – Enterprises Are Losing the War

Acunetix, September 2020 – Acunetix teamed up with Dimensional Research to conduct a survey and learn how effectively enterprises are handling web application security. Unfortunately, the results were not very optimistic. This report contains the results of the survey analysis with explanations and commentaries.

Read the White Paper
php-security-1-sql-injections-banner

PHP Security 1: SQL Injections

Agathoklis Promodou, May 2019 – In this mini guide, author Agathoklis Promodou looks the world’s most popular (Server-side) Web Programming Language – PHP. Like other programming languages, PHP can be exposed to a number of vulnerabilities – this mini guide examines some of the problems that should be considered every time you set out to write a PHP script so you can ensure your site is secure. These are the problems which, with well-written code, can be effectively mitigated.

Read the White Paper
tls-security-1-what-is-ssl_tls-banner

TLS Security 1: What Is SSL/TLS

Acunetix, April 2019 – In this white paper, we focus on two widely known and used protocols in computer security, SSL and TLS. We describe what is TLS/SSL, take a brief look at its history, describe some of the terminology, explain TLS/SSL certificates and their use, we look at establishing an SSL connection and look at possible TLS/SSL vulnerabilities and attacks.

Read the White Paper
all-about-man-in-the-middle-attacks-banner

All about Man-in-the-Middle Attacks

Tomasz Andrzej Nidecki, March 2019 – Black hat hackers usually use man-in-the-middle attacks to eavesdrop on communications between a client and a server, including HTTPS connections to websites, other SSL/TLS connections, Wi-Fi connections, and more. This white paper details all common techniques that are used to conduct man-in-the-middle attacks, explains how these techniques work, and how to defend against them.

Read the White Paper
deserialization-vulnerabilities_attacking-deserialization-in-js-banner

Deserialization Vulnerabilities: Attacking Deserialization in JS

Aleksei Tiurin, June 2018 – At ZeroNights 2017 conference, Security Researcher Aleksei Tiurin spoke about “Deserialization vulnerabilities in various languages”. For his presentation, he used an interesting article about two serialization packages of Node.js. Aleksei showed them as examples of vulnerable implementations of the deserialization processes. In this article, he shows the results of his own research and a new approach of attacking deserialization in JS.

Read the White Paper
gdpr-data-controllers-be-prepared-banner

GDPR: Data Controllers Be Prepared

Matt Conran, March 2018 – With the arrival of new General Data Protection Regulation (GDPR) legislation, security professionals must become data-centric. As a result, they no longer rely on traditional practices to monitor and protect data along with the web applications that act as a front door to the user’s personal data. As on May 25, 2018, the European Union’s (EU’s) GDPR will come into play. A single supervisory authority will be used, rather than a separate one for each EU member state. It will provide a well-needed framework that will govern the way the personal data is gathered, stored and used.

Read the White Paper
securing-mysql-server-ubuntu-16-04-lts-banner

SQL Security: Securing MySQL Server on Ubuntu 16.04 LTS

Acunetix, July 2016 – In this white paper, we will focus on how to create a more secure environment for MySQL server, which is currently the second most popular database management system (DBMS), in order to prevent common attacks, as well as to mitigate the attack vector of other vulnerabilities. For the purposes of this article we have setup a machine running Ubuntu 16.04 LTS (Xenial Xerus) and MySQL 5.7. We have also edited our hosts file to point ‘example.com’ to the IP address of our test machine.

Read the White Paper
introduction-web-shells-part-1-banner

An Introduction to Web Shells (Web Shells Part 1)

Acunetix, July 2016 – A web-shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application. In this white paper, we look at common functions used to execute shell commands in PHP, possible tricks attackers can use to keep web shells under-the-radar, and tips on detection and prevention.

Read the White Paper
drupal-security-top-tips-to-secure-your-drupal-application-banner

Drupal Security: Top tips to secure your Drupal application

Acunetix, February 2016 – Drupal is a very popular Content Management System (CMS) on the Internet today. Drupal sites, especially ones running older versions of the CMS or it’s modules are a ripe target for attackers. In this white paper, we detail a few measures which can be taken to address the basic security holes or malpractices that are commonly present in thousands of Drupal sites.

Read the White Paper

Success Stories

Since it was a free service offered to nonprofit organizations, I decided why not. It would only strengthen my resolve that my programming was flawless! After scheduling an evening website scan so as to not impact the server, I was shocked when a PDF report was emailed to me in the morning indicating that 67 high priority problems were encountered!

Read Case Study

A strong and comprehensive web vulnerability scanner that can be used to discover flaws in our customers’ web applications as well as first class support from Acunetix.

Read Case Study

Acunetix is used in a complementary way with other Web Scanners to achieve the best vulnerability detection coverage possible.

Read Case Study