
Acunetix version 12 (build 12.0.190227132 – Windows and Linux) has been released. This new build includes a good number of new vulnerability checks, including checks for the recently discovered Drupal Remote Code Execution vulnerability, another RCE in ThinkPHP, Local File Inclusion vulnerabilities in vBulletin and Typo3, Unauthorized Access vulnerabilities in FastCGI and uWSGI and new […]


In this series, we will be showing step-by-step examples of common attacks. We will start off with a basic SQL Injection attack directed at a web application and leading to privilege escalation to OS root. SQL Injection is one of the most dangerous vulnerabilities a web application can be prone to. If a user’s input […]


Security researcher Youssef Sammouda (Samm0uda) recently discovered a critical CSRF (Cross-Site Request Forgery) vulnerability on Facebook. This security issue could have been used to take over any Facebook user account. Samm0uda reported the bug on January 26 and Facebook fixed it just 5 days later. On February 12, Facebook awarded Samm0uda with $25,000 […]


Benjamin Daniel Mussler, Senior Security Researcher at Acunetix, meets with Paul at Paul’s Security Weekly to discuss how Acunetix handles authentication to broaden the scan surface and why a web vulnerability scanner should be able to log into protected areas.


Server Side Request Forgery (SSRF) vulnerabilities let an attacker send crafted requests from the back-end server of a vulnerable web application. Criminals usually use SSRF attacks to target internal systems that are behind firewalls and are not accessible from the external network. An attacker may also leverage SSRF to access services available through the loopback […]


SSL is a fundamental piece of technology when you want to run a protected Apache site. SSL certificates let you encrypt all the traffic sent to and from your Apache site to keep others from viewing it. It uses public-key cryptography to set up a secure connection. This implies […]


With Acunetix, you can not only start a scan immediately, but also schedule a scan for a future date and time, or schedule recurrent scans, which can be helpful for periodic reporting. These can be set up as follows: After adding the target and configuring the scan settings, click on Scan. Once […]


Acunetix version 12 (build 12.0.190206130 – Windows and Linux) has been released. This new build makes it easier to record Login Sequences, which can be used to scan restricted areas, and adds support for Swagger and WSDL as import files to be used by the scanner. The new build includes a good number of […]


One-Time Tokens add another layer of security, supplementing the username and password with a code that only the individual user has access to (for example by SMS or via a security key). A CAPTCHA has a different purpose, as it provides a test used to identify whether the user is human or an automated system. […]


Acunetix compiles an annual web application vulnerability report. The purpose of this report is to provide security experts and interested parties with an analysis of data on vulnerabilities gathered over the previous year. The 2019 report contains the results and analysis of vulnerabilities, detected from the automated web and network perimeter scans run on the […]
