http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2012-11-06 16:24:15 - Acunetix Web Application Security Blog : The new Acunetix Web Vulnerability Scanner build number 20121106 includes a number of new features, new security checks, product improvements and as well bug fixes To help web security experts automate their work, in this http://www.secuobs.com/revue/news/409870.shtmlhttp://www.secuobs.com/revue/news/409870.shtml Secuobs.com : 2012-11-02 11:51:06 - Acunetix Web Application Security Blog - Directory listing is a web server function that displays a list of all the files when there is no an index file, such as indexphp and defaultasp in a specific website directory For example, when a http://www.secuobs.com/revue/news/409178.shtmlhttp://www.secuobs.com/revue/news/409178.shtml Secuobs.com : 2012-10-24 12:05:23 - Acunetix Web Application Security Blog - Even the best websites are vulnerable to hacking Though web security continues to improve, hackers are constantly developing new ways to attack and disable corporate and government sites Hackers are now attacking web-based applications, including http://www.secuobs.com/revue/news/407458.shtmlhttp://www.secuobs.com/revue/news/407458.shtml Secuobs.com : 2012-10-18 10:41:45 - Acunetix Web Application Security Blog - The National Weather Service has been hacked by the Kosova Hacker s security group, leading to sensitive server information being leaked The group managed to hack into the server using a Local File Inclusion LFI vulnerability http://www.secuobs.com/revue/news/406397.shtmlhttp://www.secuobs.com/revue/news/406397.shtml Secuobs.com : 2012-10-10 10:43:54 - Acunetix Web Application Security Blog - A client of mine recently asked me if I had any Web development related tips for dealing with Personally Identifiable Information PII With this being an information security 101 type question, I had to think http://www.secuobs.com/revue/news/404706.shtmlhttp://www.secuobs.com/revue/news/404706.shtml Secuobs.com : 2012-10-03 16:16:32 - Acunetix Web Application Security Blog - The new Acunetix Web Vulnerability Scanner 8 build includes a new crawler feature to automatically ignore duplicate input schemes in the same directory With this new crawler feature, scans will take less time to complete http://www.secuobs.com/revue/news/403325.shtmlhttp://www.secuobs.com/revue/news/403325.shtml Secuobs.com : 2012-09-28 14:52:07 - Acunetix Web Application Security Blog - When creating a password protected section for a website, such as an admin portal for a CMS solution, typically developers check if the user session is authenticated If the user session is not authenticated, the user is http://www.secuobs.com/revue/news/402370.shtmlhttp://www.secuobs.com/revue/news/402370.shtml Secuobs.com : 2012-09-20 13:05:11 - Acunetix Web Application Security Blog - When scanning a website with a passwords protected area, Acunetix Web Vulnerability Scanner uses user specified In Session or Out of Session patterns to determine if the logged in session is still valid or not http://www.secuobs.com/revue/news/400768.shtmlhttp://www.secuobs.com/revue/news/400768.shtml Secuobs.com : 2012-09-13 14:34:43 - Acunetix Web Application Security Blog - Many of today s large scale websites are template based This means that most of the website pages which users visit are usually built from the same template file Thus it is normal for a template http://www.secuobs.com/revue/news/399440.shtmlhttp://www.secuobs.com/revue/news/399440.shtml Secuobs.com : 2012-09-11 14:39:08 - Acunetix Web Application Security Blog - The new build of Acunetix Web Vulnerability Scanner released today includes a number of new features, new security checks and also a number of bug fixes Ideal for scanning and securing today s complex custom web http://www.secuobs.com/revue/news/398912.shtmlhttp://www.secuobs.com/revue/news/398912.shtml Secuobs.com : 2012-09-06 09:48:45 - Acunetix Web Application Security Blog - You ve heard me say that planning is half the battle with Web security assessments I m finding that more and more people are on board with thinking things through in advance but there s still one area http://www.secuobs.com/revue/news/397921.shtmlhttp://www.secuobs.com/revue/news/397921.shtml Secuobs.com : 2012-08-29 10:06:57 - Acunetix Web Application Security Blog - A recent online attack from a hacker group called Team GhostShell has targeted more than 100 websites from banks, stock exchange, police departments, and consulting firms, to law firms, and several companies from many other http://www.secuobs.com/revue/news/396402.shtmlhttp://www.secuobs.com/revue/news/396402.shtml Secuobs.com : 2012-08-23 15:02:05 - Acunetix Web Application Security Blog - Do you ever get the feeling that something s not quite right after you ve performed an otherwise solid web security assessment Well, as many of us have discovered, that nagging feeling in the pit of your http://www.secuobs.com/revue/news/395324.shtmlhttp://www.secuobs.com/revue/news/395324.shtml Secuobs.com : 2012-08-09 15:52:32 - Acunetix Web Application Security Blog - We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 WVS 8 The new build 20120808 offers a number of new security checks for several different well known web applicatoins, improvements http://www.secuobs.com/revue/news/392625.shtmlhttp://www.secuobs.com/revue/news/392625.shtml Secuobs.com : 2012-08-08 15:56:21 - Acunetix Web Application Security Blog - According to Apache documentation htaccess files or distributed configuration files provide a way to make configuration changes on a per-directory basis A file, containing one or more configuration directives, is placed in a particular document directory, and http://www.secuobs.com/revue/news/392386.shtmlhttp://www.secuobs.com/revue/news/392386.shtml Secuobs.com : 2012-08-03 13:49:16 - Acunetix Web Application Security Blog - When we looking to rump up our knowledge on web application security and understand the core information security concepts we usually end up taking another security certification For example, confidentiality, compensating controls, risk transference are just a few http://www.secuobs.com/revue/news/391491.shtmlhttp://www.secuobs.com/revue/news/391491.shtml Secuobs.com : 2012-07-27 10:28:34 - Acunetix Web Application Security Blog - How do you handle your web application testing, vulnerability scans, test data and related security assessment reports I ve found that this is something that doesn t get a lot of attention in web application security circles but is still http://www.secuobs.com/revue/news/390216.shtmlhttp://www.secuobs.com/revue/news/390216.shtml Secuobs.com : 2012-07-19 09:42:25 - Acunetix Web Application Security Blog - In the 2012 Web Application Vulnerability Scanners Benchmark report, which was carried out by Shay-Chen on his website, Sectooladdict, Acunetix Web Vulnerability Scanner topped the Cross-Site Scripting and SQL Injection tests with a 100pourcents detection http://www.secuobs.com/revue/news/388349.shtmlhttp://www.secuobs.com/revue/news/388349.shtml Secuobs.com : 2012-07-17 12:04:31 - Acunetix Web Application Security Blog - You can interact with the Acunetix Team and with other members of the online web security community on the Acunetix Facebook Page Our Facebook Page makes it easy to share your thoughts and comments about http://www.secuobs.com/revue/news/387737.shtmlhttp://www.secuobs.com/revue/news/387737.shtml Secuobs.com : 2012-07-12 16:28:23 - Acunetix Web Application Security Blog - Web security assessment success is directly related to the amount of preparation you do up front before you run a single web application test It s the 80 20 Rule the 20 percent time and effort you put into planning http://www.secuobs.com/revue/news/386867.shtmlhttp://www.secuobs.com/revue/news/386867.shtml Secuobs.com : 2012-07-04 16:13:55 - Acunetix Web Application Security Blog - We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 WVS 8 The new build 20120704, includes a number of new security checks, improvements and bug fixes The highlight of this http://www.secuobs.com/revue/news/385428.shtmlhttp://www.secuobs.com/revue/news/385428.shtml Secuobs.com : 2012-07-03 13:38:08 - Acunetix Web Application Security Blog - Each time you create a new file on Windows, the operating system also generates an MS-DOS-compatible short file name in 83 format, to allow MS-DOS-based or 16-bit Windows-based programs to access files which have a http://www.secuobs.com/revue/news/385154.shtmlhttp://www.secuobs.com/revue/news/385154.shtml Secuobs.com : 2012-06-29 14:32:26 - Acunetix Web Application Security Blog - We are pleased to announce the appointment of Infrasec AG as Acunetix distributor for the German market Infrasec is now responsible for coordinating the Acunetix reseller distribution channel, reseller trainings and support in Germany Infrasec http://www.secuobs.com/revue/news/384582.shtmlhttp://www.secuobs.com/revue/news/384582.shtml Secuobs.com : 2012-06-21 16:04:31 - Acunetix Web Application Security Blog - As application security professionals, we want to get as much as possible out of our security assessments We re not only expected to but we re proud of our work and want to provide the best results http://www.secuobs.com/revue/news/382906.shtmlhttp://www.secuobs.com/revue/news/382906.shtml Secuobs.com : 2012-06-15 16:47:33 - Acunetix Web Application Security Blog - An Acunetix Web Vulnerability Scanner Scanning Profile defines which tests to launch against the target website For example, if you wish to test a website against Cross-Site Scripting XSS vulnerabilities, simply select the XSS Scanning Profile http://www.secuobs.com/revue/news/381811.shtmlhttp://www.secuobs.com/revue/news/381811.shtml Secuobs.com : 2012-06-13 16:55:37 - Acunetix Web Application Security Blog - We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 WVS 8 The new build 20120613 offers a number of new security checks, new scanner funtionalities, improvements and bug fixes New Security http://www.secuobs.com/revue/news/381329.shtmlhttp://www.secuobs.com/revue/news/381329.shtml Secuobs.com : 2012-06-08 17:06:11 - Acunetix Web Application Security Blog - LinkedIn, one of the biggest professional social networks, has suffered a major breach of its user password database The attack was confirmed on Wednesday afternoon by Vicente Silveira, Director at LinkedIn, and was followed by http://www.secuobs.com/revue/news/380408.shtmlhttp://www.secuobs.com/revue/news/380408.shtml Secuobs.com : 2012-06-07 16:28:35 - Acunetix Web Application Security Blog - Acunetix Web Vulnerability Scanner 8 WVS 8 offers you the ability to choose specific types of attacks to run against your site, such as SQL injection or Cross-Site Scripting attacks You can select http://www.secuobs.com/revue/news/380142.shtmlhttp://www.secuobs.com/revue/news/380142.shtml Secuobs.com : 2012-05-31 16:13:04 - Acunetix Web Application Security Blog - Since I first got involved with information security I ve been a strong proponent of focusing on the common sense basics We all know what needs to be done yet I see fundamental web security problems http://www.secuobs.com/revue/news/378766.shtmlhttp://www.secuobs.com/revue/news/378766.shtml Secuobs.com : 2012-05-24 16:47:24 - Acunetix Web Application Security Blog - Among many advanced penetration testing tools provided, Acunetix Web Vulnerability Scanner WVS offers you the HTTP Sniffer tool With the HTTP Sniffer you can capture, trap, analyze and even modify any HTTP traffic that the http://www.secuobs.com/revue/news/377511.shtmlhttp://www.secuobs.com/revue/news/377511.shtml Secuobs.com : 2012-05-17 15:21:33 - Acunetix Web Application Security Blog - Looks like the Mac is finally getting what s been coming malware And lots of it just recently with the Flashback infection that apparently impacted up to 700,000 Macs We ve all heard it from the Mac http://www.secuobs.com/revue/news/376112.shtmlhttp://www.secuobs.com/revue/news/376112.shtml Secuobs.com : 2012-05-10 16:23:03 - Acunetix Web Application Security Blog - Web Application Firewalls WAFs are an excellent last line of defense Based on what I see in my testing they re great at blocking both automated scans and granular exploits like Cross-Site Scripting and SQL injection http://www.secuobs.com/revue/news/374815.shtmlhttp://www.secuobs.com/revue/news/374815.shtml Secuobs.com : 2012-05-08 14:23:27 - Acunetix Web Application Security Blog - We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 WVS 8 Build number 20120508 includes a number of new scheduler features, a new security check for PHP-CGI, as well as http://www.secuobs.com/revue/news/374263.shtmlhttp://www.secuobs.com/revue/news/374263.shtml Secuobs.com : 2012-05-03 17:14:35 - Acunetix Web Application Security Blog - In order to save time scanning websites, you can run multiple instances of Acunetix Web Vulnerability Scanner up to two instances with the Small Business Edition, or up to 10 instances with the Consultant and http://www.secuobs.com/revue/news/373418.shtmlhttp://www.secuobs.com/revue/news/373418.shtml Secuobs.com : 2012-04-26 15:22:08 - Acunetix Web Application Security Blog - Running multiple instances of Acunetix Web Vulnerability Scanner WVS allows you to scan multiple websites simultaneously Each instance can scan one website at a time you can have up to two instances of all http://www.secuobs.com/revue/news/372204.shtmlhttp://www.secuobs.com/revue/news/372204.shtml Secuobs.com : 2012-04-20 14:59:13 - Acunetix Web Application Security Blog - Acunetix Web Vulnerability Scanner Wins the WindowSecuritycom Readers Choice Award for the Fifth Successive Year Leading Windows Security resource site, WindowSecuritycom, has announced that Acunetix Web Vulnerability Scanner has been selected as the winner of the http://www.secuobs.com/revue/news/371060.shtmlhttp://www.secuobs.com/revue/news/371060.shtml Secuobs.com : 2012-04-19 16:05:31 - Acunetix Web Application Security Blog - When performing web security assessments, it s easy for us to feel confident in what we see Take Cross-Site Scripting XSS for instance Your scanner finds this web vulnerability You validate that it does indeed exist http://www.secuobs.com/revue/news/370874.shtmlhttp://www.secuobs.com/revue/news/370874.shtml Secuobs.com : 2012-04-12 16:39:18 - Acunetix Web Application Security Blog - Is the exploitation of web vulnerabilities worth the trouble Does it create unnecessary risks that should be avoided Why exploit flaws anyway This is not a black and white circumstance Every situation is unique But http://www.secuobs.com/revue/news/369594.shtmlhttp://www.secuobs.com/revue/news/369594.shtml Secuobs.com : 2012-04-05 15:07:42 - Acunetix Web Application Security Blog - Gerald Ford once said Nothing in life is more important than the ability to communicate effectively What a profound statement that not only applies to our personal lives but also how far we go in http://www.secuobs.com/revue/news/368254.shtmlhttp://www.secuobs.com/revue/news/368254.shtml Secuobs.com : 2012-04-04 13:37:30 - Acunetix Web Application Security Blog - We are proud to announce a new build of Acunetix Web Vulnerability Scanner 8 Build 20120403 offers you a new feature which automatically verifies vulnerabilities such as SQL Injection, Cross-Site Scripting and Directory Traversal, and http://www.secuobs.com/revue/news/367953.shtmlhttp://www.secuobs.com/revue/news/367953.shtml Secuobs.com : 2012-03-29 16:27:37 - Acunetix Web Application Security Blog - The time required for web scanning with Acunetix Web Vulnerability Scanner WVS varies depending on the size and complexity of the target website, the response time of the web server, the type of scan you http://www.secuobs.com/revue/news/366950.shtmlhttp://www.secuobs.com/revue/news/366950.shtml Secuobs.com : 2012-03-28 17:47:37 - Acunetix Web Application Security Blog - On April 5th 2012, Jacadis, Acunetix s reseller in Ohio, USA, will be sponsoring the Detroit Tech-Security Conference and exhibiting Acunetix Web Vulnerability Scanner This conference is part of a series of high-quality executive symposiums that are http://www.secuobs.com/revue/news/366724.shtmlhttp://www.secuobs.com/revue/news/366724.shtml Secuobs.com : 2012-03-26 16:10:37 - Acunetix Web Application Security Blog - The Acunetix Team today announced an updated build of the Web Vulnerability Scanner Version 8 WVS 8 The new build, number 20120326, includes new security checks that detect even more vulnerabilities as well as a http://www.secuobs.com/revue/news/366142.shtmlhttp://www.secuobs.com/revue/news/366142.shtml Secuobs.com : 2012-03-22 16:18:34 - Acunetix Web Application Security Blog - A lot of developers are using version control systems such as SVN Apache Subversion and GIT in order to track changes in their source code These types of server tools are essential for the organizations http://www.secuobs.com/revue/news/365459.shtmlhttp://www.secuobs.com/revue/news/365459.shtml Secuobs.com : 2012-03-16 16:52:05 - Acunetix Web Application Security Blog - When you visit a website your browser sends an HTTP header called User-Agent to the web server This header indicates which web browser you are using, its version number and details about your operating system http://www.secuobs.com/revue/news/364093.shtmlhttp://www.secuobs.com/revue/news/364093.shtml Secuobs.com : 2012-03-06 17:42:12 - Acunetix Web Application Security Blog - The Acunetix Team is pleased to announce an updated build of the Web Vulnerability Scanner Version 8 WVS 8 This new built includes new security checks for more vulnerabilities, bug fixes as well as a http://www.secuobs.com/revue/news/361721.shtmlhttp://www.secuobs.com/revue/news/361721.shtml Secuobs.com : 2012-03-01 19:02:12 - Acunetix Web Application Security Blog - Nowadays, more and more people are using URL rewrite techniques to increase their friendliness to both users and search engines With URL rewrites, a URL like http wwwsitecom cms productphp action buy id 1 is typically rewritten to something like http wwwsitecom buy 1 Prior to Acunetix http://www.secuobs.com/revue/news/360910.shtmlhttp://www.secuobs.com/revue/news/360910.shtml Secuobs.com : 2012-02-24 16:53:56 - Acunetix Web Application Security Blog - As I ve written about scoping your Web security tests in the past, it s not something to be taken lightly Interestingly, there s one aspect of Web security testing where I m still seeing a big disconnect The http://www.secuobs.com/revue/news/359735.shtmlhttp://www.secuobs.com/revue/news/359735.shtml Secuobs.com : 2012-02-16 16:30:25 - Acunetix Web Application Security Blog - Nowadays, many components from web applications are commonly run on the user s computer such as JavaScript , and not just on the application s provider server such as Servlets As time goes by, there is the need http://www.secuobs.com/revue/news/358244.shtmlhttp://www.secuobs.com/revue/news/358244.shtml Secuobs.com : 2012-02-16 16:30:25 - Acunetix Web Application Security Blog - New Automation Auto-Configuration Features Make Securing Your Website Easier and Faster London, 16th Feburary 2012 Acunetix, a name on the forefront of the web application security industry, today announced the 8th version of its popular http://www.secuobs.com/revue/news/358243.shtmlhttp://www.secuobs.com/revue/news/358243.shtml Secuobs.com : 2012-02-02 16:19:07 - Acunetix Web Application Security Blog - When we talk about Web security, we typically think about the common OWASP-type elements SQL injection, cross-site scripting, passwords, encryption and the like That s fine but those areas can t be our only focus There s so http://www.secuobs.com/revue/news/355547.shtmlhttp://www.secuobs.com/revue/news/355547.shtml Secuobs.com : 2012-01-25 17:28:58 - Acunetix Web Application Security Blog - We are pleased to announce a Release Candidate RC of the much-awaited Acunetix Web Vulnerability Scanner, version 8 This build fixes issues that were reported during the Beta stages of development and also adds a http://www.secuobs.com/revue/news/354057.shtmlhttp://www.secuobs.com/revue/news/354057.shtml Secuobs.com : 2012-01-19 15:44:06 - Acunetix Web Application Security Blog - Recently, a project manager I work with asked me if I had manually validated a set of security flaws I uncovered during a web security assessment The flaws in question were related to the server http://www.secuobs.com/revue/news/352969.shtmlhttp://www.secuobs.com/revue/news/352969.shtml Secuobs.com : 2012-01-05 15:24:58 - Acunetix Web Application Security Blog - I recently participated in a webinar aimed at helping physical security professionals, corporate security managers and others responsible for both physical and logical security This is an area of security that doesn t get near the http://www.secuobs.com/revue/news/350444.shtmlhttp://www.secuobs.com/revue/news/350444.shtml Secuobs.com : 2011-12-23 14:01:11 - Acunetix Web Application Security Blog - I ve had several questions from clients recently on how they can to secure FTP running on their web servers The easy and short-sighted response would be Are you nuts You need to run FTP on http://www.secuobs.com/revue/news/348767.shtmlhttp://www.secuobs.com/revue/news/348767.shtml Secuobs.com : 2011-12-15 16:14:37 - Acunetix Web Application Security Blog - As the BETA program for Acunetix Web Vulnerability Scanner 8 keeps gaining momentum, all the great feedback received from our BETA participants has helped us achieve the BETA 2 milestone This brings a significant number http://www.secuobs.com/revue/news/347392.shtmlhttp://www.secuobs.com/revue/news/347392.shtml Secuobs.com : 2011-12-01 17:57:14 - Acunetix Web Application Security Blog - It s a very predictable web security flaw in fact, it s something I find in the majority of my web security assessments the lack of intruder lockout on login pages I know, with all the http://www.secuobs.com/revue/news/344828.shtmlhttp://www.secuobs.com/revue/news/344828.shtml Secuobs.com : 2011-11-23 11:27:07 - Acunetix Web Application Security Blog - The next big release of Acunetix WVS is in Beta, and will soon be safeguarding thousands of web applications and businesses This brief presentation highlights the exciting new features in WVS 8 we look forward http://www.secuobs.com/revue/news/342195.shtmlhttp://www.secuobs.com/revue/news/342195.shtml Secuobs.com : 2011-11-16 17:52:16 - Acunetix Web Application Security Blog - The next stage in the evolution of Acunetix Web Vulnerability Scanner has arrived WVS 8 BETA Many of you have been biting their nails in anticipation of this Beta, so sit tight and read on http://www.secuobs.com/revue/news/341021.shtmlhttp://www.secuobs.com/revue/news/341021.shtml Secuobs.com : 2011-11-11 16:38:46 - Acunetix Web Application Security Blog - On the 5th of December 2011, the Pittsburgh chapter of ISACA will be hosting a one-day Information Technology Audit Control Conference with Acunetix reseller Jacadis specialists in network and web security as one of http://www.secuobs.com/revue/news/340152.shtmlhttp://www.secuobs.com/revue/news/340152.shtml Secuobs.com : 2011-11-09 17:14:38 - Acunetix Web Application Security Blog - I recently read about a marketing agency that experienced a security breach and subsequent defacement of its customers websites Apparently their developers had misconfigured the web server and unknowingly gave the whole world access to http://www.secuobs.com/revue/news/339748.shtmlhttp://www.secuobs.com/revue/news/339748.shtml Secuobs.com : 2011-11-02 15:55:42 - Acunetix Web Application Security Blog - Many organizations have a formal set of information security policies covering everything from acceptable internet usage to security in software development to web application security In fact, it s hard to come across a business today http://www.secuobs.com/revue/news/338353.shtmlhttp://www.secuobs.com/revue/news/338353.shtml Secuobs.com : 2011-10-27 16:27:29 - Acunetix Web Application Security Blog - Recently a client of mine sent over the results of a web vulnerability scan that one of their customers had run against their production web environment My client was curious why the results of this http://www.secuobs.com/revue/news/337227.shtmlhttp://www.secuobs.com/revue/news/337227.shtml Secuobs.com : 2011-10-18 23:15:47 - Acunetix Web Application Security Blog - Acunetix WVS will be exhibited at the 2011 Globaltek Security Conference held on the 26th of October 2011 at the Hotel Dann Carlton in Bogotá, Colombia Entry to the conference is free of charge, and the http://www.secuobs.com/revue/news/335532.shtmlhttp://www.secuobs.com/revue/news/335532.shtml Secuobs.com : 2011-10-12 17:09:38 - Acunetix Web Application Security Blog - XSS vulnerabilities Cross-Site Scripting vulnerabilities are often overshadowed by their big cousin, the infamous SQL Injection This does not make them any less effective or deadly XSS and SQL Injection attacks are similar in the http://www.secuobs.com/revue/news/334330.shtmlhttp://www.secuobs.com/revue/news/334330.shtml Secuobs.com : 2011-10-05 17:03:52 - Acunetix Web Application Security Blog - As I wrote about in a previous post, we re in the era of cutting back if not completely eliminating all non-essential expenditures The thing is what may seem to be non-essential to management http://www.secuobs.com/revue/news/332859.shtmlhttp://www.secuobs.com/revue/news/332859.shtml Secuobs.com : 2011-10-05 13:56:23 - Acunetix Web Application Security Blog - An updated build of Acunetix Web Vulnerability Scanner Version 7 was released This new build, numbered 20111005, includes two new features support for a wider variety of web applications , a good number of improvements to http://www.secuobs.com/revue/news/332820.shtmlhttp://www.secuobs.com/revue/news/332820.shtml Secuobs.com : 2011-09-29 16:33:22 - Acunetix Web Application Security Blog - Looking at the bigger picture of application security it seems that no one else really hears us Sure, product managers, marketing, legal, HR and even certain people in management say they understand what s at stake http://www.secuobs.com/revue/news/331758.shtmlhttp://www.secuobs.com/revue/news/331758.shtml Secuobs.com : 2011-09-23 08:49:56 - Acunetix Web Application Security Blog - The following features complete the Acunetix WVS scanning arsenal Innovative AcuSensor technology Web server configuration detection Web server security scan Port Scanner against services such as DNS, SSH etc Dictionary brute force attacker to test password strength of login http://www.secuobs.com/revue/news/330555.shtmlhttp://www.secuobs.com/revue/news/330555.shtml Secuobs.com : 2011-09-22 16:28:08 - Acunetix Web Application Security Blog - It s hard to believe, but SQL injection as we know it has been around for 13 years Yet, SQL injection is as prevalent as ever as highlighted in The 2011 Mid-Year Top Cyber Security Risks http://www.secuobs.com/revue/news/330382.shtmlhttp://www.secuobs.com/revue/news/330382.shtml Secuobs.com : 2011-09-22 10:51:04 - Acunetix Web Application Security Blog - Comguard, the Acunetix distributor based in Dubai, will be participating in GITEX 2011, heralded as one of the largest and most important ICT events around the globe Alive with the energy of the ICT sector and the http://www.secuobs.com/revue/news/330343.shtmlhttp://www.secuobs.com/revue/news/330343.shtml Secuobs.com : 2011-09-20 17:11:54 - Acunetix Web Application Security Blog - A security research team called Vulnerability-Lab have discovered a persistent XSS vulnerability in the official website of Barack Obama This is not the first time that the president s website was targeted About a year ago http://www.secuobs.com/revue/news/329949.shtmlhttp://www.secuobs.com/revue/news/329949.shtml Secuobs.com : 2011-09-20 16:14:18 - Acunetix Web Application Security Blog - An updated build of Acunetix Web Vulnerability Scanner Version 7 was released This new build 20110920 includes the new Firefox plugin which supports FireFox version 6, a new security check for the Apache web server http://www.secuobs.com/revue/news/329934.shtmlhttp://www.secuobs.com/revue/news/329934.shtml Secuobs.com : 2011-09-19 10:27:08 - Acunetix Web Application Security Blog - Some websites are designed to use custom 404 error pages instead of a web browser s standard error page because they can be branded and made to contain links to other important pages If your website http://www.secuobs.com/revue/news/329618.shtmlhttp://www.secuobs.com/revue/news/329618.shtml Secuobs.com : 2011-09-19 10:27:08 - Acunetix Web Application Security Blog - Acunetix WVS is a heuristic scanner and not a signature based scanner, which by design is an efficient way of reducing false positives With the introduction of AcuSensor Technology, false positive reporting has been drastically reduced because vulnerability http://www.secuobs.com/revue/news/329617.shtmlhttp://www.secuobs.com/revue/news/329617.shtml Secuobs.com : 2011-09-15 10:12:31 - Acunetix Web Application Security Blog - Acunetix WVS features a directory and file filter which allows you to safely exclude specific URL s or directories from the scan To create a directory filter In the Tools Explorer, click Configuration and then click Settings http://www.secuobs.com/revue/news/329010.shtmlhttp://www.secuobs.com/revue/news/329010.shtml Secuobs.com : 2011-09-14 10:34:50 - Acunetix Web Application Security Blog - Should you need to generate a report for a scan performed at an eariler stage, it is possible to load a saved scan result file and manually import it into the Acunetix reporting database To generate http://www.secuobs.com/revue/news/328758.shtmlhttp://www.secuobs.com/revue/news/328758.shtml Secuobs.com : 2011-09-13 10:57:51 - Acunetix Web Application Security Blog - Acunetix distributor DS TEAM will be hosting a conference at the HackXColombia 2011 expo held on the 8th October 2011 at the University Corporation for sabaneta J Emilio Valderrama The main objective of this event is to raise awareness and funds http://www.secuobs.com/revue/news/328495.shtmlhttp://www.secuobs.com/revue/news/328495.shtml Secuobs.com : 2011-09-12 16:37:54 - Acunetix Web Application Security Blog - On Thursday morning a post appeared on the popular Full Disclosure Internet discussion group listing XSS vulnerabilities in no less than 20 high profile websites Amongst the vulnerable are McDonalds, IEEE Explore, Harvard University, and http://www.secuobs.com/revue/news/328355.shtmlhttp://www.secuobs.com/revue/news/328355.shtml Secuobs.com : 2011-09-12 15:35:27 - Acunetix Web Application Security Blog - Acunetix WVS can safely ignore certain file types which cannot be exploited by a hacker, and therefore cannot be considered as vulnerable By ignoring these files types a scan will take less time to complete, http://www.secuobs.com/revue/news/328347.shtmlhttp://www.secuobs.com/revue/news/328347.shtml Secuobs.com : 2011-09-09 16:12:00 - Acunetix Web Application Security Blog - The Acunetix WVS Login Sequence Recorder can be used for many other tasks rather than just to scan password protected areas If used appropriately it will help you in automating most of the crawling process http://www.secuobs.com/revue/news/327993.shtmlhttp://www.secuobs.com/revue/news/327993.shtml Secuobs.com : 2011-09-09 16:12:00 - Acunetix Web Application Security Blog - Acunetix reseller, Ace-Pacific Pty Ltd, will be exhibiting at Govware 2011 held between the 27th and 29th September 2011 at the Suntec Singapore International Exhibition Convention Center highlighted theme this year being SecurITy Navigating http://www.secuobs.com/revue/news/327992.shtmlhttp://www.secuobs.com/revue/news/327992.shtml Secuobs.com : 2011-09-09 11:34:11 - Acunetix Web Application Security Blog - When recoding a login sequence, the crawler needs to be configured to automatically identify if a web application s logged in session navigation of a password protected area is still valid or not This is an http://www.secuobs.com/revue/news/327952.shtmlhttp://www.secuobs.com/revue/news/327952.shtml Secuobs.com : 2011-09-09 10:36:35 - Acunetix Web Application Security Blog - As a pattern and exploit analysis tool, Acunetix WVS performs vulnerability scans by executing the following 3 sub-tasks Step 1 Target identification WVS checks that the target s are in fact running a web server and hence a http://www.secuobs.com/revue/news/327948.shtmlhttp://www.secuobs.com/revue/news/327948.shtml Secuobs.com : 2011-09-02 10:18:10 - Acunetix Web Application Security Blog - There s no way the Acunetix Facebook iPad competition was going to fly under the radar As soon as August was out we immediately began receiving messages asking who the competition winner was Well, the security http://www.secuobs.com/revue/news/326669.shtmlhttp://www.secuobs.com/revue/news/326669.shtml Secuobs.com : 2011-09-01 17:12:51 - Acunetix Web Application Security Blog - We often hear about disgruntled workers wreaking havoc on computer systems and sensitive information Interestingly we never hear about what I call gruntled workers and how they can and do contribute to enterprise http://www.secuobs.com/revue/news/326514.shtmlhttp://www.secuobs.com/revue/news/326514.shtml Secuobs.com : 2011-08-31 17:10:19 - Acunetix Web Application Security Blog - Apart from being an annoyance, if the problem of mass mailing has impacted your site then it could be a vulnerability in itself A hacker or malicious user can perform the same steps to flood http://www.secuobs.com/revue/news/326259.shtmlhttp://www.secuobs.com/revue/news/326259.shtml Secuobs.com : 2011-08-25 10:29:21 - Acunetix Web Application Security Blog - Acunetix WVS includes different settings and tools which when configured properly will enable the scanner to automatically crawl the entire web application therefore the automated scanning engine will always obtain a complete reach over the site http://www.secuobs.com/revue/news/325121.shtmlhttp://www.secuobs.com/revue/news/325121.shtml Secuobs.com : 2011-08-23 15:41:12 - Acunetix Web Application Security Blog - An updated build of Acunetix Web Vulnerability Scanner Version 7 was released This new build 20110823 includes the new Firefox plugin which supports ireFox version 5, two new security checks and a bug fix in http://www.secuobs.com/revue/news/324667.shtmlhttp://www.secuobs.com/revue/news/324667.shtml Secuobs.com : 2011-08-09 14:25:48 - Acunetix Web Application Security Blog - The security community has no shortage of experts, and being able to pick the brains of hacking and security elites also has no shortage of benefits Whether you work in the web security industry or just http://www.secuobs.com/revue/news/321949.shtmlhttp://www.secuobs.com/revue/news/321949.shtml Secuobs.com : 2011-08-08 12:04:36 - Acunetix Web Application Security Blog - Since its conception in 2005, Acunetix Web Vulnerability Scanner has provided a comprehensive set of security analysis tools to countless web designers, administrators, and consultants around the world and has successfully protected thousands of web http://www.secuobs.com/revue/news/321663.shtmlhttp://www.secuobs.com/revue/news/321663.shtml Secuobs.com : 2011-08-04 15:54:26 - Acunetix Web Application Security Blog - On the 12th of July 2011, Booz Allen Hamilton the largest US military defence contractor admitted that they had just suffered a very serious security breach, at the hands of hacktivist group AntiSec Operation Anti-Security AntiSec is a http://www.secuobs.com/revue/news/321079.shtmlhttp://www.secuobs.com/revue/news/321079.shtml Secuobs.com : 2011-07-26 10:22:13 - Acunetix Web Application Security Blog - SQL Injection is perhaps one of the most common application layer attack techniques used today, mainly used by malicious users to steal data from organizations It is a type of attack that takes advantage of http://www.secuobs.com/revue/news/319243.shtmlhttp://www.secuobs.com/revue/news/319243.shtml Secuobs.com : 2011-07-21 14:09:35 - Acunetix Web Application Security Blog - As part of our commitment to help companies and business secure their websites and web applications, we are launching the Acunetix Forums If you are an Acunetix Web Vulnerability Scanner user free or commercial feel free http://www.secuobs.com/revue/news/318424.shtmlhttp://www.secuobs.com/revue/news/318424.shtml Secuobs.com : 2011-07-19 10:33:19 - Acunetix Web Application Security Blog - I ve heard experts in time management say that one minute of planning can save you five minutes in execution This applies to so many things we do in IT and information security but I can t http://www.secuobs.com/revue/news/317815.shtmlhttp://www.secuobs.com/revue/news/317815.shtml Secuobs.com : 2011-07-14 11:09:56 - Acunetix Web Application Security Blog - The Washington Post website has been hit with a double security breach Hackers have made off with around 13 million user IDs and email address from the Jobs section of the site The attackers were http://www.secuobs.com/revue/news/316938.shtmlhttp://www.secuobs.com/revue/news/316938.shtml Secuobs.com : 2011-07-11 11:08:55 - Acunetix Web Application Security Blog - An updated build of Acunetix Web Vulnerability Scanner Version 7 was released This new build 20110711 features improved Cross-Site scripting XSS web security checks, an improved crawler, better web 20 support and a number of http://www.secuobs.com/revue/news/316220.shtmlhttp://www.secuobs.com/revue/news/316220.shtml Secuobs.com : 2011-07-06 17:34:11 - Acunetix Web Application Security Blog - A good web application security environment is one that balances security with convenience Nothing more and nothing less just the security that s needed to keep things reasonably in check But just how much is enough All http://www.secuobs.com/revue/news/315438.shtmlhttp://www.secuobs.com/revue/news/315438.shtml Secuobs.com : 2011-07-04 16:33:32 - Acunetix Web Application Security Blog - Alarming results have been announced following a recent survey conducted by the Ponemon Research Institute and Juniper Networks In their survey, 583 American companies were interviewed on security related questions The result seems to correlate http://www.secuobs.com/revue/news/315061.shtmlhttp://www.secuobs.com/revue/news/315061.shtml Secuobs.com : 2011-07-01 15:33:42 - Acunetix Web Application Security Blog - In this video we focus on the advanced penetration testing tool, HTTP Editor Tool, that is bundled with Acunetix Web Vulnerability Scanner We begin by hacking a website using a source code disclosure vulnerability that http://www.secuobs.com/revue/news/314716.shtmlhttp://www.secuobs.com/revue/news/314716.shtml Secuobs.com : 2011-06-29 16:17:07 - Acunetix Web Application Security Blog - One of the things I ve learned throughout my career is that many solutions to the problems we face in IT, security and software development can be solved if we simply turn to business leaders to http://www.secuobs.com/revue/news/314252.shtmlhttp://www.secuobs.com/revue/news/314252.shtml Secuobs.com : 2011-06-22 16:20:55 - Acunetix Web Application Security Blog - Sega Corporation has joined the increasingly long list of video game companies to suffer a data breach In an email sent to members of its Sega Pass service, it admitted that the user accounts over http://www.secuobs.com/revue/news/312870.shtmlhttp://www.secuobs.com/revue/news/312870.shtml Secuobs.com : 2011-06-20 14:28:51 - Acunetix Web Application Security Blog - We are pleased to announce a new system to record feature requests, which allows feature ideas to be voted upon and thus makes its much easier for us to see the most requested features Furthermore, http://www.secuobs.com/revue/news/312316.shtmlhttp://www.secuobs.com/revue/news/312316.shtml Secuobs.com : 2011-06-17 13:13:17 - Acunetix Web Application Security Blog - Secure your web applications and websites against vulnerabilities with Acunetix Web Vulnerability Scanner Hacking is on the rise and the number of victims is increasing every day See how firewalls, SSL and locked-down servers can t stop http://www.secuobs.com/revue/news/311913.shtmlhttp://www.secuobs.com/revue/news/311913.shtml Secuobs.com : 2011-06-14 13:27:17 - Acunetix Web Application Security Blog - One lucky Acunetix Facebook follower will be selected at random to win an iPad 2 All you have to do is follow Acunetix on Facebook If you re not a follower, visit http wwwfacebookcom Acunetix and click Like Acunetix http://www.secuobs.com/revue/news/311023.shtmlhttp://www.secuobs.com/revue/news/311023.shtml Secuobs.com : 2011-06-13 14:46:16 - Acunetix Web Application Security Blog - US Air Force Chooses Acunetix Web Vulnerability Scanner to Secure Against Web Application Vulnerabilities USA, June 13 2011 Acunetix, developer of leading website security scanning software, today announced that the United States Air Force has http://www.secuobs.com/revue/news/310802.shtmlhttp://www.secuobs.com/revue/news/310802.shtml Secuobs.com : 2011-06-01 16:06:14 - Acunetix Web Application Security Blog - One of the most common questions I get is What s your take on cloud security Well, my answer is relatively straightforward never assume that all s well just because someone says it is In other words http://www.secuobs.com/revue/news/308457.shtmlhttp://www.secuobs.com/revue/news/308457.shtml Secuobs.com : 2011-05-25 16:56:34 - Acunetix Web Application Security Blog - As I wrote in my previous post about low-hanging fruit and the 2011 Verizon Data Breach Report, I m a strong believer in finding out where your Web systems are bleeding and focusing on those issues http://www.secuobs.com/revue/news/307030.shtmlhttp://www.secuobs.com/revue/news/307030.shtml Secuobs.com : 2011-05-18 16:10:39 - Acunetix Web Application Security Blog - An updated build of Acunetix Web Vulnerability Scanner Version 7 has now been released The new build features a number of bug fixes Bug Fixes Fixed The Acusensor Technology files were updated incorrectly Fixed Access Violation when scan http://www.secuobs.com/revue/news/305605.shtmlhttp://www.secuobs.com/revue/news/305605.shtml Secuobs.com : 2011-05-06 11:50:23 - Acunetix Web Application Security Blog - Jacadis LLC, Acunetix reseller, will be exhibiting Acunetix Web Vulnerability Scanner at the 2011 Central Ohio InfoSec Summit Jerod Brennen of Jacadis will also be discussing, How to Securely Deploy and Manage Enterprise Mobile Devices The http://www.secuobs.com/revue/news/303046.shtmlhttp://www.secuobs.com/revue/news/303046.shtml Secuobs.com : 2011-05-05 16:09:16 - Acunetix Web Application Security Blog - Introduction On April 11th 2011, at nine in the evening, Barracuda Networks posted a grim entry on their blog Their network had been hacked Thousands of their confidential customer and employee records were stolen In an http://www.secuobs.com/revue/news/302836.shtmlhttp://www.secuobs.com/revue/news/302836.shtml Secuobs.com : 2011-05-04 09:20:39 - Acunetix Web Application Security Blog - ComGuard, official Acunetix WVS Reseller in the United Arab Emirates, are to be hosting a special event An Acunetix Knowledge Quiz will be hosted from their website and participants with the most correct answers will win http://www.secuobs.com/revue/news/302488.shtmlhttp://www.secuobs.com/revue/news/302488.shtml Secuobs.com : 2011-05-03 15:28:34 - Acunetix Web Application Security Blog - The 2011 Verizon Data Breach Investigations Report is out Yeah, yeah, yeah yet another report telling us what a bad state of security we re in and that we need to fix all sorts of http://www.secuobs.com/revue/news/302235.shtmlhttp://www.secuobs.com/revue/news/302235.shtml Secuobs.com : 2011-04-28 15:52:13 - Acunetix Web Application Security Blog - Regulatory compliance it s a dirty word in business today Perhaps that s because we re being force-fed more and more rules that various governing bodies believe are the best ways for us to run our businesses http://www.secuobs.com/revue/news/301376.shtmlhttp://www.secuobs.com/revue/news/301376.shtml Secuobs.com : 2011-04-20 16:11:08 - Acunetix Web Application Security Blog - Introduction On 27th March 2011 a message was posted on the popular Full Disclosure mailing list exposing a recent hack against the website mysqlcom This vulnerability was apparently also reported by a group called TinKode, who http://www.secuobs.com/revue/news/299693.shtmlhttp://www.secuobs.com/revue/news/299693.shtml Secuobs.com : 2011-04-13 17:40:29 - Acunetix Web Application Security Blog - With all the talk lately, especially in the OWASP LinkedIn forum, about the most expensive web scanners being the so-called best, Infosec Island have put the far more affordable Web Vulnerability Scanners to the test By http://www.secuobs.com/revue/news/298170.shtmlhttp://www.secuobs.com/revue/news/298170.shtml Secuobs.com : 2011-04-07 15:20:30 - Acunetix Web Application Security Blog - An updated build of Acunetix Web Vulnerability Scanner Version 7 has now been released The new build features a new improvement with the AcuSensor details as well as fixing a few bugs to bolster stability New http://www.secuobs.com/revue/news/296872.shtmlhttp://www.secuobs.com/revue/news/296872.shtml Secuobs.com : 2011-03-31 16:52:41 - Acunetix Web Application Security Blog - Would you want to rely a home inspector s analysis of just the outside of a new home you re considering for purchase What about a lab tech only running a partial CT scan or the radiologist http://www.secuobs.com/revue/news/295405.shtmlhttp://www.secuobs.com/revue/news/295405.shtml Secuobs.com : 2011-03-29 15:37:50 - Acunetix Web Application Security Blog - Acunetix reseller DMC Technology-Scotland will be exhibiting Acunetix Web Vulnerability Scanner at the All-Energy 2011 Exhibition and Conference The event will be held at on the 18th 20th May 2011 at the Aberdeen Pavilion, AECC, Scotland Head http://www.secuobs.com/revue/news/294826.shtmlhttp://www.secuobs.com/revue/news/294826.shtml Secuobs.com : 2011-03-22 16:45:31 - Acunetix Web Application Security Blog - Cross Site Scripting XSS attacks are amongst the most common types of attacks against web applications XSS attacks all fall under the same category however a more detailed look at the techniques employed during XSS http://www.secuobs.com/revue/news/293332.shtmlhttp://www.secuobs.com/revue/news/293332.shtml Secuobs.com : 2011-03-15 16:59:20 - Acunetix Web Application Security Blog - Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and http://www.secuobs.com/revue/news/291748.shtmlhttp://www.secuobs.com/revue/news/291748.shtml Secuobs.com : 2011-03-10 17:29:10 - Acunetix Web Application Security Blog - Attending a recent meeting I heard one of the speakers say You can t change what you tolerate Apparently it s a quote from Cesar Millan the dog whisperer but it really struck a chord in me http://www.secuobs.com/revue/news/290749.shtmlhttp://www.secuobs.com/revue/news/290749.shtml Secuobs.com : 2011-03-08 18:22:50 - Acunetix Web Application Security Blog - An updated build of Acunetix Web Vulnerability Scanner Version 7 was released This new build features a number of new security checks, automatic crawling and scanning of SVN repositories, improved Cross-site scripting checks and a http://www.secuobs.com/revue/news/290193.shtmlhttp://www.secuobs.com/revue/news/290193.shtml Secuobs.com : 2011-03-01 15:01:59 - Acunetix Web Application Security Blog - Most of the improvements and major changes in version 7 are under the hood, but at first use you will notice the difference The scanner is much faster and seems more intelligent there were noticeably http://www.secuobs.com/revue/news/288480.shtmlhttp://www.secuobs.com/revue/news/288480.shtml Secuobs.com : 2011-02-23 16:51:29 - Acunetix Web Application Security Blog - For the fourth time in a row, Acunetix Web Vulnerability Scanner Chosen as the WindowsecurityCom Readers Choice Award Winner The leading Windows Security resource site, WindowSecuritycom, announced today that Acunetix Web Vulnerability Scanner was selected http://www.secuobs.com/revue/news/287183.shtmlhttp://www.secuobs.com/revue/news/287183.shtml Secuobs.com : 2011-02-16 19:42:17 - Acunetix Web Application Security Blog - Typically when we think of Web security testing vulnerabilities such as SQL injection, cross-site scripting and so on come to mind Rightly so, the flaws resulting from poor input validation alone are still a large http://www.secuobs.com/revue/news/285711.shtmlhttp://www.secuobs.com/revue/news/285711.shtml Secuobs.com : 2011-02-09 14:02:01 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 7 was released With this new build, you can generate PCI 20 compliance reports and CWE SANS top 25 reports The Input Fields feature was also enhanced, and now http://www.secuobs.com/revue/news/283952.shtmlhttp://www.secuobs.com/revue/news/283952.shtml Secuobs.com : 2011-02-03 17:08:38 - Acunetix Web Application Security Blog - Are you a software developer If so, I don t envy you Of all the possible positions working in and around IT, you ve arguably got the toughest one I ve witnessed it over the years while performing http://www.secuobs.com/revue/news/282764.shtmlhttp://www.secuobs.com/revue/news/282764.shtml Secuobs.com : 2011-01-26 15:16:30 - Acunetix Web Application Security Blog - Acunetix WVS 70 is not only helpful, it is extremely powerful With the new multi-threaded scanner, the entire process far faster and efficient than ever before This software offers the best of both worlds the http://www.secuobs.com/revue/news/280895.shtmlhttp://www.secuobs.com/revue/news/280895.shtml Secuobs.com : 2011-01-24 18:20:24 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 7 has been released In this build we introduced a new Cross-site scripting security check and also address a number of bug fixes New security check New type http://www.secuobs.com/revue/news/280351.shtmlhttp://www.secuobs.com/revue/news/280351.shtml Secuobs.com : 2011-01-19 16:59:42 - Acunetix Web Application Security Blog - Periodic and consistent security checks that s the recipe for effective Web security, right We hear this best practice recommendation all the time It s true but what exactly does it mean How often do you http://www.secuobs.com/revue/news/279260.shtmlhttp://www.secuobs.com/revue/news/279260.shtml Secuobs.com : 2010-12-29 17:54:26 - Acunetix Web Application Security Blog - It s that time of year for us to get inundated with all those Top 10 lists to help us achieve this, prevent that and so on Those lists are valuable indeed, especially if you need http://www.secuobs.com/revue/news/274718.shtmlhttp://www.secuobs.com/revue/news/274718.shtml Secuobs.com : 2010-12-20 13:12:00 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 7 was released, featuring further DOM XSS checks improvements and addresses a number of bug fixes New features DOM XSS will now report the filename in which the attack was http://www.secuobs.com/revue/news/273056.shtmlhttp://www.secuobs.com/revue/news/273056.shtml Secuobs.com : 2010-12-14 17:25:46 - Acunetix Web Application Security Blog - To secure a website or a web application, one has to first understand the target application, how it works and the scope behind it Ideally, the penetration tester should have some basic knowledge of programming http://www.secuobs.com/revue/news/271571.shtmlhttp://www.secuobs.com/revue/news/271571.shtml Secuobs.com : 2010-12-13 15:48:08 - Acunetix Web Application Security Blog - If only Web application security were black and white We could simply load our scanner without thinking anything through, enter the URL, click Scan, generate a report of issues for someone else to address and http://www.secuobs.com/revue/news/271310.shtmlhttp://www.secuobs.com/revue/news/271310.shtml Secuobs.com : 2010-12-09 18:23:02 - Acunetix Web Application Security Blog - This week thousands of system administrators who make use of Goolge products will open their inbox to see an email from Google explaining that their Web Optimizer product contains an XSS flaw that allows hackers to inject scripts into their Google Optimized web pages http://www.secuobs.com/revue/news/270568.shtmlhttp://www.secuobs.com/revue/news/270568.shtml Secuobs.com : 2010-12-06 18:27:07 - Acunetix Web Application Security Blog - While a traditional cross-site scripting vulnerability occurs on the server-side code, document object model based cross-site scripting is a type of vulnerability which affects the script code in the client s browser DOM or the document object http://www.secuobs.com/revue/news/269677.shtmlhttp://www.secuobs.com/revue/news/269677.shtml Secuobs.com : 2010-12-06 16:50:22 - Acunetix Web Application Security Blog - The new build of Acunetix Web Vulnerability scanner Version 7 checks for DOM based XSS vulnerabilities Unlike the traditional cross-site scripting vulnerability, document object model based cross-site scripting DOM XSS vulnerability is a type of http://www.secuobs.com/revue/news/269644.shtmlhttp://www.secuobs.com/revue/news/269644.shtml Secuobs.com : 2010-11-24 11:23:21 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 7 was released Improvement More updates to the Client Script Analyser CSA engine for better Web 20 support Bug Fixes Fix Added port in host header for https in manual browsing Fixed Crawler http://www.secuobs.com/revue/news/267142.shtmlhttp://www.secuobs.com/revue/news/267142.shtml Secuobs.com : 2010-11-22 16:56:44 - Acunetix Web Application Security Blog - Wong Onn Chee and Tom Brennan from OWASP recently published a paper presenting a new denial of service attack against web servers What s special about this denial of service attack is that it s very hard to http://www.secuobs.com/revue/news/266586.shtmlhttp://www.secuobs.com/revue/news/266586.shtml Secuobs.com : 2010-11-18 17:07:22 - Acunetix Web Application Security Blog - Clarification, additional guidance, and evolving requirements welcome to the new PCI standards Hot off the press are the new PCI DSS and PA-DSS requirements which take effect January 1, 2011 So, if you work http://www.secuobs.com/revue/news/265805.shtmlhttp://www.secuobs.com/revue/news/265805.shtml Secuobs.com : 2010-11-15 14:14:58 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 7 was released It includes a new feature, and improved support for JQuery and Web 20 web applications New Features Ability to stop individual running security scripts during a scan Major http://www.secuobs.com/revue/news/264876.shtmlhttp://www.secuobs.com/revue/news/264876.shtml Secuobs.com : 2010-11-09 16:02:03 - Acunetix Web Application Security Blog - Don t get caught off guard We hear that statement all the time with regards to information security Sadly, as many businesses have experienced, such talk is cheap Obviously no one wants their Web site to http://www.secuobs.com/revue/news/263518.shtmlhttp://www.secuobs.com/revue/news/263518.shtml Secuobs.com : 2010-10-26 16:58:38 - Acunetix Web Application Security Blog - A client of mine who s a security administrator for a business in the financial industry contacted me recently about some odd behavior he was seeing on his network Apparently numerous spidering mirroring requests were being sent http://www.secuobs.com/revue/news/259967.shtmlhttp://www.secuobs.com/revue/news/259967.shtml Secuobs.com : 2010-10-18 12:51:10 - Acunetix Web Application Security Blog - The District of Columbia recently attempted to give the opportunity to number of people who live or work overseas to be able to cast their vote remotely To do this a secure E-Voting website costing over 300,000 was built On Tuesday, September 28 2010 the first public trial run was launched Thirty-six hours later the voting system was hacked by a student It took nearly three days for DC officials to realize that their system was compromised The trial was immediately suspended and red-faced engineers and politicians quickly scrambled to find out how this breach could possibly have happened http://www.secuobs.com/revue/news/257804.shtmlhttp://www.secuobs.com/revue/news/257804.shtml Secuobs.com : 2010-10-14 18:24:14 - Acunetix Web Application Security Blog - People who are at the top of their games such as Formula One engineers, neurosurgeons, stunt pilots and so on have one thing in common they all have finely-tuned technical skills This is not just http://www.secuobs.com/revue/news/257014.shtmlhttp://www.secuobs.com/revue/news/257014.shtml Secuobs.com : 2010-10-12 17:26:55 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 7 has been released It includes a two bug fixes Bug fixes Fixed Client Script Analyser engine was blocking if insertAdjacentHTML used on an element without parent Fixed Accept header was http://www.secuobs.com/revue/news/256191.shtmlhttp://www.secuobs.com/revue/news/256191.shtml Secuobs.com : 2010-09-27 17:25:06 - Acunetix Web Application Security Blog - The recent publicity and ranting about Twitter s onMouseOver flaw got me thinking about our perception of software quality and expectations of risk Why is there no room for error when Twitter makes a mistake yet http://www.secuobs.com/revue/news/252018.shtmlhttp://www.secuobs.com/revue/news/252018.shtml Secuobs.com : 2010-09-22 19:19:24 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 7 has been released Apart form a number of improvements and bug fixes, this build will also automatically check for the latest OpenX OFC file upload and the http://www.secuobs.com/revue/news/250709.shtmlhttp://www.secuobs.com/revue/news/250709.shtml Secuobs.com : 2010-09-22 13:33:57 - Acunetix Web Application Security Blog - Everybody s talking about the ASPNET Padding Oracle vulnerability released a few days ago at the ekoparty Security Conference However, until now there wasn t enough information on how do you check if your application is vulnerable http://www.secuobs.com/revue/news/250622.shtmlhttp://www.secuobs.com/revue/news/250622.shtml Secuobs.com : 2010-09-20 18:01:49 - Acunetix Web Application Security Blog - Probably my biggest pet peeve related to application security is the claim by many typically management that We know we re secure, we just had an audit I can t tell you how many times I ve seen http://www.secuobs.com/revue/news/249853.shtmlhttp://www.secuobs.com/revue/news/249853.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - Making Web application security work is more than simply telling developers they need to write better code We can scream Write better code and Integrate security into the application lifecycle at developers until end of http://www.secuobs.com/revue/news/246964.shtmlhttp://www.secuobs.com/revue/news/246964.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - The Target Finder tool in Acunetix WVS is a port scanner which can be used to discover running web servers on a given IP or within a specified range of IP s The list of ports http://www.secuobs.com/revue/news/246963.shtmlhttp://www.secuobs.com/revue/news/246963.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - The Subdomain Scanner in Acunetix WVS scans a top-level domain to discover subdomains configured in its hierarchy, by using the target domain s DNS server, or any other DNS server specified by the user While scanning, http://www.secuobs.com/revue/news/246962.shtmlhttp://www.secuobs.com/revue/news/246962.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - With the HTTP Fuzzer tool in Acunetix WVS you can automatically send a large number volume of HTTP Requests including invalid, unexpected and random data to a website, to test its input validation capabilities http://www.secuobs.com/revue/news/246961.shtmlhttp://www.secuobs.com/revue/news/246961.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - Ideal for penetration testers, the Blind SQL injector is an automated database data extraction tool By importing SQL injections discovered when scanning a website, you can see what a serious impact an SQL injection can http://www.secuobs.com/revue/news/246960.shtmlhttp://www.secuobs.com/revue/news/246960.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - The Authentication Tester tool in Acunetix WVS is used to test the strength of both usernames and passwords within HTTP and web forms authentication environments via a dictionary attack Testing HTTP Authentication HTTP authentication is part of http://www.secuobs.com/revue/news/246959.shtmlhttp://www.secuobs.com/revue/news/246959.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - The HTTP Editor tool allows you to create, analyze and edit client HTTP requests and server responses This allows you to further fine tune attacks and check if vulnerabilities were solved You can start the HTTP http://www.secuobs.com/revue/news/246958.shtmlhttp://www.secuobs.com/revue/news/246958.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - It is possible to manually crawl your website using a web browser From these manually crawled links, then it is possible to build a website structure which the final scan will target This is useful http://www.secuobs.com/revue/news/246957.shtmlhttp://www.secuobs.com/revue/news/246957.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - A new version of Acunetix Web Vulnerability Scanner is available in beta, and what a version It has been one long year of development, testing and late nights at the office, though it was all worth http://www.secuobs.com/revue/news/246956.shtmlhttp://www.secuobs.com/revue/news/246956.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - Vulnerability checks in Acunetix Web Vulnerability Scanner version 7 consists of two files script The actual vulnerability check written in JavaScript Such scripts are stored in the Data Scripts sub directory in the Acunetix WVS installation http://www.secuobs.com/revue/news/246955.shtmlhttp://www.secuobs.com/revue/news/246955.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 7 BETA has been released This build includes the following number of improvements Improved Cross-Site scripting XSS vulnerabilities detection scripts Improved blind SQLl injection vulnerability checks to reduce false positives Added http://www.secuobs.com/revue/news/246954.shtmlhttp://www.secuobs.com/revue/news/246954.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - The Release Candidate build for Acunetix Web Vulnerability Scanner Version 7 20100825 is now available for download All of the bugs reported during the Beta were fixed We also added some improvements in this RC http://www.secuobs.com/revue/news/246953.shtmlhttp://www.secuobs.com/revue/news/246953.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - Check out this 4 minutes YouTube video to find out what s new in the new and revolutionary Acunetix Web Vulnerability Scanner Version 7 Click here to watch the high quality version of this video http://www.secuobs.com/revue/news/246952.shtmlhttp://www.secuobs.com/revue/news/246952.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - New scanning engine with improved vulnerability detection AND verification makes finding and fixing security issues in web applications easier London, 1st September 2010 Acunetix, a market leader in web application security scanning technology, today announced http://www.secuobs.com/revue/news/246951.shtmlhttp://www.secuobs.com/revue/news/246951.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - While beta testing the latest version of Acunetix WVS v7, we found a large number of security vulnerabilities in various web applications In the following days we will publish some of these vulnerabilities Note that http://www.secuobs.com/revue/news/246950.shtmlhttp://www.secuobs.com/revue/news/246950.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7 In this blog post, we will look into the http://www.secuobs.com/revue/news/246949.shtmlhttp://www.secuobs.com/revue/news/246949.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7 In this blog post, we will look into the http://www.secuobs.com/revue/news/246948.shtmlhttp://www.secuobs.com/revue/news/246948.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - If you ve ever ran a Web vulnerability scan you ve likely experienced this situation You fire up your scanner, tweak your settings, and click Start The next thing you know people in customer service, marketing, IT, http://www.secuobs.com/revue/news/246947.shtmlhttp://www.secuobs.com/revue/news/246947.shtml Secuobs.com : 2010-09-17 01:11:07 - Acunetix Web Application Security Blog - We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7 In this blog post, we will look into the http://www.secuobs.com/revue/news/246946.shtmlhttp://www.secuobs.com/revue/news/246946.shtml Secuobs.com : 2010-07-28 16:31:51 - Acunetix Web Application Security Blog - Facebook rates as the second most popular website on the internet with 400 million active users When such a website has common web application security flaws, they are going to be abused for one s gain http://www.secuobs.com/revue/news/244613.shtmlhttp://www.secuobs.com/revue/news/244613.shtml Secuobs.com : 2010-07-14 16:06:03 - Acunetix Web Application Security Blog - I was reviewing the most recent SANS RISK Consensus Security Vulnerability Alert and it reminded me of how easy it is to get caught up in the big stuff and overlook the seemingly innocuous when http://www.secuobs.com/revue/news/240510.shtmlhttp://www.secuobs.com/revue/news/240510.shtml Secuobs.com : 2010-07-05 23:34:02 - Acunetix Web Application Security Blog - On the 4th of July 2010 YouTube users began complaining that their videos had been hijacked, the comments section of their videos seemed to be most severely affected, many complained that old comments vanished and new comments could not be added Others reported that offensive messages were popping up on their screen or scrolling horizontally in large fonts and striking colors Some users also seemed to suggest that there were experiencing page redirects, often to sites promoting pornographic content http://www.secuobs.com/revue/news/237810.shtmlhttp://www.secuobs.com/revue/news/237810.shtml Secuobs.com : 2010-06-29 16:06:38 - Acunetix Web Application Security Blog - Acunetix Web Vulnerability Scanner placed first in a paper released by Adam Doup e, Marco Cova, and Giovanni Vigna from the University of California, Santa Barbara In the paper Why Johnny Can t Pentest An Analysis of http://www.secuobs.com/revue/news/236101.shtmlhttp://www.secuobs.com/revue/news/236101.shtml Secuobs.com : 2010-06-22 16:39:41 - Acunetix Web Application Security Blog - Recently over 100,000 Apple customers were affected by an information gathering attack on the AT T website Security experts blame this breach on poorly designed software An analysis of the attack reveals that the hackers did indeed use a classic attack, in fact http://www.secuobs.com/revue/news/233836.shtmlhttp://www.secuobs.com/revue/news/233836.shtml Secuobs.com : 2010-06-21 17:34:05 - Acunetix Web Application Security Blog - Acunetix will be exhibiting at the OWASP AppSec US 2010 in California The event will take place between 7th and 10th of September 2010 The event will be held at UC Irvine Conference Center, in http://www.secuobs.com/revue/news/233491.shtmlhttp://www.secuobs.com/revue/news/233491.shtml Secuobs.com : 2010-06-16 17:24:50 - Acunetix Web Application Security Blog - Looking to hop aboard the Web vulnerability scanning bandwagon to see just how vulnerable your Web site or application really is Well, not so fast Here are some signs you re not ready to being just http://www.secuobs.com/revue/news/232133.shtmlhttp://www.secuobs.com/revue/news/232133.shtml Secuobs.com : 2010-06-09 16:21:58 - Acunetix Web Application Security Blog - Why are Web applications out of the loop when it comes to contingency planning Look at any given security incident response or disaster recovery plan assuming they even exist and chances are business critical Web http://www.secuobs.com/revue/news/230007.shtmlhttp://www.secuobs.com/revue/news/230007.shtml Secuobs.com : 2010-06-01 15:37:14 - Acunetix Web Application Security Blog - In the following demo video, Sandro Gauci of EnableSecurity shows how an attacker can switch off dotDefender in order to bypass any protection offered by the WAF Such attack is possible By exploiting a cross-site http://www.secuobs.com/revue/news/227469.shtmlhttp://www.secuobs.com/revue/news/227469.shtml Secuobs.com : 2010-05-25 16:15:51 - Acunetix Web Application Security Blog - Unfortunately, it is of frequent occurrence that people launch a security scan against a website or web application sitting behind a web application firewall, or some other kind of web security gateway device Scanning a http://www.secuobs.com/revue/news/225419.shtmlhttp://www.secuobs.com/revue/news/225419.shtml Secuobs.com : 2010-05-24 16:03:50 - Acunetix Web Application Security Blog - Acunetix reseller Hat Web Security Labs will be exhibiting Acunetix WVS in the Third Annual Meetings of Heads of Information Systems Security RSSI 2010 The event will take place between 3rd and 4th of June 2010 http://www.secuobs.com/revue/news/225015.shtmlhttp://www.secuobs.com/revue/news/225015.shtml Secuobs.com : 2010-05-20 14:52:59 - Acunetix Web Application Security Blog - A proper web security audit is a mixture of automated and manual tests Acunetix WVS provides a comprehensive tool for automated testing purposes and useful toolbox Digicure can use for manual penetration testing as well http://www.secuobs.com/revue/news/223991.shtmlhttp://www.secuobs.com/revue/news/223991.shtml Secuobs.com : 2010-05-11 15:12:14 - Acunetix Web Application Security Blog - If you re reading this blog, Web security testing is undoubtedly on your radar You may have an ongoing process for testing Web vulnerabilities but do you actually have a policy for it I m all http://www.secuobs.com/revue/news/220975.shtmlhttp://www.secuobs.com/revue/news/220975.shtml Secuobs.com : 2010-05-04 14:07:45 - Acunetix Web Application Security Blog - The CRLF Injection Attack sometimes also referred to as HTTP Response Splitting is a fairly simple, yet extremely powerful web attack Hackers are actively exploiting this web application vulnerability to perform a large variety of http://www.secuobs.com/revue/news/218618.shtmlhttp://www.secuobs.com/revue/news/218618.shtml Secuobs.com : 2010-04-27 18:24:42 - Acunetix Web Application Security Blog - Kudos to Jeff Williams, Dave Wichers, and the rest of the OWASP team for pulling together the final release of the OWASP Top 10 for 2010 Obviously, a lot of thought and work has gone http://www.secuobs.com/revue/news/216497.shtmlhttp://www.secuobs.com/revue/news/216497.shtml Secuobs.com : 2010-04-20 12:28:11 - Acunetix Web Application Security Blog - In case you didn t hear about it already, the story of the day is Gray Powell and the lost iPhone So I searched for him on Google I was really surprised to see that 4 out http://www.secuobs.com/revue/news/214028.shtmlhttp://www.secuobs.com/revue/news/214028.shtml Secuobs.com : 2010-04-14 17:17:27 - Acunetix Web Application Security Blog - On the 9th of April 2010, Apacheorg infrastructure suffered a direct and targeted attack on the server hosting the Apache issue-tracking software, Atlassian JIRA This is the second major compromise the Apache Software Foundation suffered http://www.secuobs.com/revue/news/212100.shtmlhttp://www.secuobs.com/revue/news/212100.shtml Secuobs.com : 2010-04-13 15:42:48 - Acunetix Web Application Security Blog - In this video we look into the details of how an attacker is able to exploit a Cross Site Scripting vulnerability in Mambo CMS version 465 , discovered by Bogdan Calin with Acunetix Web Vulnerability Scanner This http://www.secuobs.com/revue/news/211541.shtmlhttp://www.secuobs.com/revue/news/211541.shtml Secuobs.com : 2010-04-07 15:44:01 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 65 has been released This build includes a number of bug fixes Bug Fixes Fixed Login Sequence Recorder was not using client certificates when recording a login sequence Fixed Login Sequence http://www.secuobs.com/revue/news/209763.shtmlhttp://www.secuobs.com/revue/news/209763.shtml Secuobs.com : 2010-04-06 15:06:25 - Acunetix Web Application Security Blog - Do you ever find yourself driving down the road in an unfamiliar place and you get that gut feeling that you re headed in the wrong direction Well, I feel that s exactly where we are with http://www.secuobs.com/revue/news/209283.shtmlhttp://www.secuobs.com/revue/news/209283.shtml Secuobs.com : 2010-01-12 15:29:42 - Acunetix Web Application Security Blog - The next version of Acunetix Web Vulnerability Scanner version 7 , will contain a much more improved HTTP stack While testing, we wanted to test the new HTTP stack on as many sites as possible to make sure we didn t introduce any bugs Alexa, a web information company, maintains a CSV file containing the top 1,000,000 sites http://www.secuobs.com/revue/news/180670.shtmlhttp://www.secuobs.com/revue/news/180670.shtml Secuobs.com : 2010-01-11 14:30:28 - Acunetix Web Application Security Blog - An updated build of Acunetix WVS Version 65 has been released with a number of new security checks and bug fixes New security checks Test for File Upload IIS bug filenameasp jpg Test for WP-Forum 23 vulnerabilities JBoss rmi ping network script Bug Fixes Bugfix Modified forms notifications from CSA Bugfix CSA Workaround for windowopen with null parameters Fixed In some specific scenarios the http://www.secuobs.com/revue/news/180200.shtmlhttp://www.secuobs.com/revue/news/180200.shtml Secuobs.com : 2010-01-08 18:48:17 - Acunetix Web Application Security Blog - We are proud to announce the launch of Acunetix Web Vulnerability Scanner Version 65 With this new version, we introduced the new file upload forms vulnerability checks Acunetix is the industry s first and only Web Vulnerability Scanner to scan web applications for this type of vulnerabilities Read more about Acunetix and Version 65 release in this http://www.secuobs.com/revue/news/179676.shtmlhttp://www.secuobs.com/revue/news/179676.shtml Secuobs.com : 2010-01-08 18:48:17 - Acunetix Web Application Security Blog - As stated in previous blog posts, hackers don t just hack websites to steal online databases and credit card details Hacktivism, where innocent websites are defaced from malicious users to transmit their political view or opinion, is on the increase In many major world political events, online criminals have a great chance to try and gain http://www.secuobs.com/revue/news/179675.shtmlhttp://www.secuobs.com/revue/news/179675.shtml Secuobs.com : 2009-12-16 02:46:37 - Acunetix Web Application Security Blog - An updated build for Acunetix WVS Version 65 has been released with a number of improvements, bug fixes, and a number of new security checks New security checks JBoss BSHDeployer MBean JBoss checks from RedTeam s paper JBoss HttpAdaptor JMXInvokerServlet JBoss Server MBean JBoss ServerInfo MBean JBoss Web Console JMX Invoker phpShop v081 Multiple Vulnerabilities Invision Power Board v304 Local PHP File Inclusion and http://www.secuobs.com/revue/news/172517.shtmlhttp://www.secuobs.com/revue/news/172517.shtml Secuobs.com : 2009-12-09 13:41:53 - Acunetix Web Application Security Blog - Recently we ve released a new build, build number 20091124 This build includes a new AcuSensor check named curl_exec url is controlled by user This new check will verify if the user can control the URL passed to curl_exec In case you are not familiar with curl, below is a short abstract about curl taken from PHP s manual PHP supports libcurl, a http://www.secuobs.com/revue/news/170116.shtmlhttp://www.secuobs.com/revue/news/170116.shtml Secuobs.com : 2009-11-20 16:22:59 - Acunetix Web Application Security Blog - PHP version 531 was just released This release contains a patch for a denial of service condition we ve reported some time ago The problem is related with PHP s handling of RFC 1867 Form-based File Upload in HTML When you send a POST request to a PHP script with the content-type of multipart form-data and include a list of http://www.secuobs.com/revue/news/163435.shtmlhttp://www.secuobs.com/revue/news/163435.shtml Secuobs.com : 2009-11-16 15:24:43 - Acunetix Web Application Security Blog - The US Air Force s mission is to fly, fight and win in air, space and Cyberspace US Air Force has an elite force defending people from millions of cyber attacks every day in their newest battlefield Cyberspace In a battle field, you re always a target, and you constantly have to protect yourself from the enemies http://www.secuobs.com/revue/news/161174.shtmlhttp://www.secuobs.com/revue/news/161174.shtml Secuobs.com : 2009-11-11 15:16:15 - Acunetix Web Application Security Blog - The earliest public mention I could find of SQL Injection piggybacking SQL statements as the author put it was from someone who called himself Rain Forest Puppy RFP In 1998 RFP wrote an article for Phrack Magazine Volume 9, Issue 54 in which he talks about NT Web Technology Vulnerabilities However I suspect the vulnerability http://www.secuobs.com/revue/news/159767.shtmlhttp://www.secuobs.com/revue/news/159767.shtml Secuobs.com : 2009-11-10 18:01:51 - Acunetix Web Application Security Blog - Question and Answer on Help Net Security Web Application Security with Robert Abela, Acunetix Technical Manager In this interview, Robert discusses web applicaiton attack vectors the impact of Cross-Site Scripting advice on securing web applications Question and Answer on Help Net Security Web Application Security with Robert Abela, Acunetix Technical Manager In this interview, we discuss web application attack vectors the impact of http://www.secuobs.com/revue/news/159415.shtmlhttp://www.secuobs.com/revue/news/159415.shtml http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2016-01-05 10:30:23 - Acunetix Web Application Security Blog : The majority of web applications today make use of a login mechanism where the user must supply a set of credentials in order to navigate to authenticated areas of the web application This allows access to restricted content and content that is customised to the logged in user Most of the interesting data for a Read More The post Authenticated scans more effective How appeared first on Acunetix http://www.secuobs.com/revue/news/594816.shtmlhttp://www.secuobs.com/revue/news/594816.shtml Secuobs.com : 2015-12-30 10:31:06 - Acunetix Web Application Security Blog - Here we identify 4 practical steps SMEs can plan for and implement when they become a victim of website hacking With the massive growth in cyber-crime, it s a sad fact that it s highly likely to become a question of when rather than if Below is an action plan designed to contain and limit the scope Read More The post Help, my website has been hacked What to do now appeared first on Acunetix http://www.secuobs.com/revue/news/594468.shtmlhttp://www.secuobs.com/revue/news/594468.shtml Secuobs.com : 2015-12-28 18:29:18 - Acunetix Web Application Security Blog - Update software and components Whether it s a server s operating system, a web server, a database server or even a client-side JavaScript library, an application should not be running software with known vulnerabilities Updating, removing or replacing software or components with known vulnerabilities sounds obvious, but it s a significant problem that thousands of organizations struggle to Read More The post Defence in Depth Final Part Update software, Isolate services appeared first on Acunetix http://www.secuobs.com/revue/news/594308.shtmlhttp://www.secuobs.com/revue/news/594308.shtml Secuobs.com : 2015-12-22 10:53:54 - Acunetix Web Application Security Blog - The Scanning Options allow you to define the general scanning behaviour of the Acunetix scanning engine Disable alerts generated by crawler Enable this option to disable crawler related alerts, such as broken links, file inputs and files whose name indicates that they can be dangerous etc from being reported Scanning Mode From this Read More The post Scanning Options in the Acunetix Scanning Engine appeared first on Acunetix http://www.secuobs.com/revue/news/593909.shtmlhttp://www.secuobs.com/revue/news/593909.shtml Secuobs.com : 2015-12-21 10:51:01 - Acunetix Web Application Security Blog - Trust no one, validate everything Unfortunately, most vulnerabilities at the application layer can t simply be patched by applying an update In order to fix web application vulnerabilities, software engineers often need to correct mistakes within the application code It s therefore ideal for software engineers to understand the security risks associated with user input At the Read More The post Defence in Depth Part 4 Validate everything, Parameterize SQL queries appeared first on Acunetix http://www.secuobs.com/revue/news/593801.shtmlhttp://www.secuobs.com/revue/news/593801.shtml Secuobs.com : 2015-12-17 12:30:19 - Acunetix Web Application Security Blog - New updates have been released that test for a new Joomla remote code execution vulnerability affecting versions 150 through 345 CVE-2015-8562 Other updates also include improved XML External Entity XXE testing, multiple Cross-site Scripting tests in commonly used libraries and other improvements bug fixes Below is the full list of updates New Features Added a test for Read More The post New Acunetix update includes security checks for Joomla Core RCE, improved XXE tests and more appeared first on Acunetix http://www.secuobs.com/revue/news/593466.shtmlhttp://www.secuobs.com/revue/news/593466.shtml Secuobs.com : 2015-12-15 12:31:37 - Acunetix Web Application Security Blog - A number of big name retailers, insurance providers and companies have hit the headlines with their cyber attacks and data breaches over the last year or two But what about the small and medium businesses There s no doubt they have their own security incidents but due to their smaller size we just don t get to Read More The post Webroot report shows SMBs unprepared to counter cyber security attacks appeared first on Acunetix http://www.secuobs.com/revue/news/593180.shtmlhttp://www.secuobs.com/revue/news/593180.shtml Secuobs.com : 2015-12-10 11:51:45 - Acunetix Web Application Security Blog - FBI hunting Mr Grey hacker and his 12 billion stolen logins In a massive botnet operation which stole data from over 420,000 websites, the FBI are now zoning in on one member of a Russian crime ring known as CyberVor , with their target being known online as Mr Grey Incriminating evidence such as suggestions on Read More The post In the headlines Mr Grey hacker, Vtech hack, US government office hack and more appeared first on Acunetix http://www.secuobs.com/revue/news/592731.shtmlhttp://www.secuobs.com/revue/news/592731.shtml Secuobs.com : 2015-12-09 11:27:43 - Acunetix Web Application Security Blog - Acunetix Web Vulnerability Scanner WVS configuration settings can be accessed from Configuration Application Settings in the Tools Explorer window pane Application Updates In the Application Updates node you can configure when the application should check for both vulnerability and application updates You can also configure the Proxy Server settings if your Internet connection must Read More The post Application Settings in Acunetix WVS appeared first on Acunetix http://www.secuobs.com/revue/news/592578.shtmlhttp://www.secuobs.com/revue/news/592578.shtml Secuobs.com : 2015-12-08 10:31:39 - Acunetix Web Application Security Blog - An application does not need to use the root MySQL , sa Microsoft SQL Server , postgres PostgreSQL or SYSDBA Oracle Database to connect to the database Likewise, it s a bad idea to run daemons or services as root Linux or Administrator Microsoft Windows , unless there is a specific, justifiable, and carefully considered reason to do so Read More The post Defence in Depth Part 3 The Least Privilege Principle appeared first on Acunetix http://www.secuobs.com/revue/news/592399.shtmlhttp://www.secuobs.com/revue/news/592399.shtml Secuobs.com : 2015-12-04 12:16:02 - Acunetix Web Application Security Blog - Sunlit Technologies the Acunetix distributor for Brazil, exhibited at the 6th edition of Security Leaders in Sao Paulo on 18th and 19th November 2015, at Fecomércio SP Rua Doutor Plinio Barreto, 285 Sao Paulo Since 2010, Security Leaders and the Brazilian IT market have been following a broad discussion about new challenges and trends involving technological solutions Read More The post Highlights from Security Leaders in Sao Paulo appeared first on Acunetix http://www.secuobs.com/revue/news/592097.shtmlhttp://www.secuobs.com/revue/news/592097.shtml Secuobs.com : 2015-12-03 14:33:10 - Acunetix Web Application Security Blog - Anyone following the news this week likely learned of the massive breach exposing the personal data of millions of parents and their children VTech, a Hong Kong-based toy maker was hacked, exposing everything from children s names and home addresses, to pictures reportedly, 190GB worth of photos and chat logs was compromised This is yet another Read More The post Takeaways from the VTech Hack, and the Vigilante Side of Security Breaches appeared first on Acunetix http://www.secuobs.com/revue/news/591960.shtmlhttp://www.secuobs.com/revue/news/591960.shtml Secuobs.com : 2015-12-02 10:43:05 - Acunetix Web Application Security Blog - A new report has just been published, covering the current state of cybersecurity in the US healthcare sector Considering the very public breaches of Anthem and other health insurers over the last year, the sector is particularly under scrutiny Unfortunately the results are not very encouraging Of the 94 facilities surveyed, only 61pourcents have a Read More The post HIMSS survey uncovers critical weaknesses in hospital web security appeared first on Acunetix http://www.secuobs.com/revue/news/591817.shtmlhttp://www.secuobs.com/revue/news/591817.shtml Secuobs.com : 2015-11-26 19:30:37 - Acunetix Web Application Security Blog - Acunetix 10 build 20151125 has been released This new build checks for insecure DNS records, insecure CORS configurations, Rails web applications running in development mode, web applications running Tornado and Pyramid in debug mode and various new and updated vulnerability checks including one for vBulletin 5 RCE Below is the full list of updates New Read More The post Acunetix 10 build includes security checks in CORS configurations, Rails web applications and identifies the vBulletin 5 RCE appeared first on Acunetix http://www.secuobs.com/revue/news/591343.shtmlhttp://www.secuobs.com/revue/news/591343.shtml Secuobs.com : 2015-11-26 09:24:25 - Acunetix Web Application Security Blog - Price Waterhouse Coopers have just published a report about cybersecurity Not about the attacks and threats themselves, but about how businesses are tackling the risks Titled the Global State of Information Security Survey 2016, its key findings relate to measures such as external collaboration and cybersecurity insurance In summarising some of the main security strategies Read More The post PWC Global State of Information Security Survey 2016 appeared first on Acunetix http://www.secuobs.com/revue/news/591257.shtmlhttp://www.secuobs.com/revue/news/591257.shtml Secuobs.com : 2015-11-25 09:15:59 - Acunetix Web Application Security Blog - Fail-safe defaults Software is bound to fail Try as we might to create perfect, failure-resistant software, bugs will always exist that might cause software to fail Notwithstanding this, it is important that this potential failure does not expose an application to a security risk An application should feature secure defaults denying access to resources by Read More The post Defence in depth Part 2 Security before obscurity appeared first on Acunetix http://www.secuobs.com/revue/news/591159.shtmlhttp://www.secuobs.com/revue/news/591159.shtml Secuobs.com : 2015-11-23 09:34:20 - Acunetix Web Application Security Blog - Anonymous vs ISIS Naturally, even cybersecurity news in this past week has centred around ISIS in the wake of the Paris attacks The main headline has come from Anonymous, who have again but more formally waged war on ISIS themselves So far their efforts seem to have focused on communication deleting thousands of Twitter accounts Read More The post In the headlines Anonymous vs ISIS, Australian attorney general, NTP and DDoS exploits appeared first on Acunetix http://www.secuobs.com/revue/news/590854.shtmlhttp://www.secuobs.com/revue/news/590854.shtml Secuobs.com : 2015-11-18 13:29:35 - Acunetix Web Application Security Blog - Information security generally refers to defending information from unauthorized access, use, disclosure, disruption, modification or deletion from threats Organizations are constantly facing threats that exist both externally as well as internally be they from nation states, political activists, corporate competitors or even disgruntled employees Defending an organization from these threats is hard because it Read More The post Defence in depth and how it applies to web applications Part 1 appeared first on Acunetix http://www.secuobs.com/revue/news/590393.shtmlhttp://www.secuobs.com/revue/news/590393.shtml Secuobs.com : 2015-11-16 12:38:37 - Acunetix Web Application Security Blog - Sunlit Technologies the Acunetix distributor for Brazil, will be exhibiting at the 6th edition of Security Leaders in Sao Paulo on 18th and 19th November 2015, at Fecomércio SP Rua Doutor Plinio Barreto, 285 Sao Paulo About Security Leaders in Sao Paulo Since 2010, Security Leaders and the Brazilian IT market have been following a broad discussion Read More The post Visit Acunetix at Security Leaders in Sao Paulo appeared first on Acunetix http://www.secuobs.com/revue/news/590165.shtmlhttp://www.secuobs.com/revue/news/590165.shtml Secuobs.com : 2015-11-16 10:39:05 - Acunetix Web Application Security Blog - Out-of-band SQL injection is not very common, mostly because it depends on features being enabled on the database server being used by the web application Out-of-band SQL injection occurs when an attacker is unable to use the same channel to launch the attack and gather results Out-of-band techniques, offer an attacker an alternative to inferential Read More The post SQLi part 6 Out-of-band SQLi appeared first on Acunetix http://www.secuobs.com/revue/news/590151.shtmlhttp://www.secuobs.com/revue/news/590151.shtml Secuobs.com : 2015-11-13 11:29:43 - Acunetix Web Application Security Blog - Comguard, the Acunetix distributor based in Dubai, recently participated in GITEX 2015 between the 18th and 22nd October 2015 Acunetix was showcased as one of the key vendors for Comguard at one of the largest and most important ICT on the planet Now in its 35th year, the 2015 event was attended by over 130,000 Read More The post Gitex Technology Week 2015 highlights appeared first on Acunetix http://www.secuobs.com/revue/news/589973.shtmlhttp://www.secuobs.com/revue/news/589973.shtml Secuobs.com : 2015-11-11 09:12:55 - Acunetix Web Application Security Blog - Inferential SQL injection, unlike in-band SQLi, may take longer for an attacker to exploit, however, it is just as dangerous as any other form of SQL injection In an inferential SQLi attack, no data is actually transferred via the web application and the attacker would not be able to see the result of an attack Read More The post SQLi part 5 Inferential SQLi Blind SQLi appeared first on Acunetix http://www.secuobs.com/revue/news/589740.shtmlhttp://www.secuobs.com/revue/news/589740.shtml Secuobs.com : 2015-11-09 10:44:55 - Acunetix Web Application Security Blog - This week a draft Investigatory Powers Bill was released by Home Secretary Theresa May and is receiving a great deal of media intention, instead being dubbed the UK Surveillance Bill What s it for The bill is introduced as being for consolidation of all the laws governing communications data, in order to make it more straightforward Read More The post The Draft UK Investigatory Powers Bill appeared first on Acunetix http://www.secuobs.com/revue/news/589486.shtmlhttp://www.secuobs.com/revue/news/589486.shtml Secuobs.com : 2015-11-04 11:42:55 - Acunetix Web Application Security Blog - TalkTalk breach could affect 4 million users Another cellphone provider has hit the headlines with a breach this time the UK provider TalkTalk Following an attack which occurred in February, this latest breach happened last week and the company has admitted that not all stolen data was encrypted Information stolen includes names, credit card details, Read More The post In the headlines TalkTalk breach, Joomla and Drupal patches, CISA bill, 1000 KKK members, and more appeared first on Acunetix http://www.secuobs.com/revue/news/589011.shtmlhttp://www.secuobs.com/revue/news/589011.shtml Secuobs.com : 2015-11-04 11:42:55 - Acunetix Web Application Security Blog - A high-severity Remote Code Execution RCE vulnerability has been identified in the latest version of vBulletin The 0-day vulnerability in the popular forum software, came to light when when vBulletin s developers released a security update for versions 514 through 519 of the software on Monday night, just hours after reports surfaced that a hack on Read More The post New vBulletin pre-authentication RCE 0-day discovered, being used in the wild appeared first on Acunetix http://www.secuobs.com/revue/news/589010.shtmlhttp://www.secuobs.com/revue/news/589010.shtml Secuobs.com : 2015-11-02 10:29:40 - Acunetix Web Application Security Blog - SQL injection can be classified into three major categories In-band SQLi, Inferential SQLi and Out-of-band SQLi In this article we shall be exploring In-band SQL Injection In-band SQLi Classic SQLi In-band SQL injection is the most common and easy-to-exploit of SQL injection attacks In-band SQL injection occurs when an attacker is able to use Read More The post SQLi part 4 In-band SQLi Classic SQLi appeared first on Acunetix http://www.secuobs.com/revue/news/588708.shtmlhttp://www.secuobs.com/revue/news/588708.shtml Secuobs.com : 2015-10-30 09:43:28 - Acunetix Web Application Security Blog - 000webhost is one of the most popular free hosting providers out on the Internet Unfortunately for them and their users, all their 13 million user accounts have had their usernames and passwords leaked through what was eventually revealed to be a database breach via an exploit of a vulnerability in an old version of PHP Read More The post 000webhost Breach Exposes 13 Million Passwords appeared first on Acunetix http://www.secuobs.com/revue/news/588488.shtmlhttp://www.secuobs.com/revue/news/588488.shtml Secuobs.com : 2015-10-26 12:16:33 - Acunetix Web Application Security Blog - An SQL injection needs just two conditions to exist a relational database that uses SQL, and a user controllable input which is directly used in an SQL query In the example below, it shall be assumed that the attacker s goal is to exfiltrate data from a database by exploiting an SQL injection vulnerability present in Read More The post SQLi part 3 The anatomy of an SQL Injection attack appeared first on Acunetix http://www.secuobs.com/revue/news/587954.shtmlhttp://www.secuobs.com/revue/news/587954.shtml Secuobs.com : 2015-10-23 12:43:28 - Acunetix Web Application Security Blog - A high-severity SQL injection vulnerability has been identified in versions 32 through to 344 of Joomla The popular Content Management System CMS , second only to WordPress with a staggering 66pourcents CMS marketshare as of October 23, 2015, based on a W3Techs trend reports runs on an estimated 28 million sites according to a survey carried out by Read More The post New Joomla SQL Injection vulnerability gives attackers full control of your website appeared first on Acunetix http://www.secuobs.com/revue/news/587739.shtmlhttp://www.secuobs.com/revue/news/587739.shtml Secuobs.com : 2015-10-21 13:39:21 - Acunetix Web Application Security Blog - It is October again, and that means that it is a better time than ever to set aside some time to gather the relevant troops inside your organization to evaluate your information security posture because October is National Cyber Security Awareness Month Since its inception in 2004, National Cyber Security Awareness Month NCSAM is Read More The post Get tested during Cyber Security Awareness Month appeared first on Acunetix http://www.secuobs.com/revue/news/587489.shtmlhttp://www.secuobs.com/revue/news/587489.shtml Secuobs.com : 2015-10-21 11:14:01 - Acunetix Web Application Security Blog - Flash Zero Day receives emergency patch Poor old Flash is in the headlines again, and this time for a zero-day flaw which is being actively exploited Reported by a researcher and the Google Zero Day project, no details of the vulnerability have been disclosed but the update was rolled out on Friday If you re still Read More The post In the headlines Flash and Chrome patches, Dridex botnet, WP Akismet and more appeared first on Acunetix http://www.secuobs.com/revue/news/587466.shtmlhttp://www.secuobs.com/revue/news/587466.shtml Secuobs.com : 2015-10-20 10:15:56 - Acunetix Web Application Security Blog - Alliance Technology Partners and Acunetix recently exhibited at America s Center Convention Complex for St Louis SecureWorld 2015 Over the past decade SecureWorld has emerged as one of North America s most vital cybersecurity conference, providing globally relevant education, training and networking for cybersecurity professionals on a regional level Read More The post Secureworld St Louis Cybersecurity Conference highlights appeared first on Acunetix http://www.secuobs.com/revue/news/587325.shtmlhttp://www.secuobs.com/revue/news/587325.shtml Secuobs.com : 2015-10-19 13:23:37 - Acunetix Web Application Security Blog - Comguard, the Acunetix distributor based in Dubai, will be participating in GITEX 2015 between the 18th and 22nd October 2015 Now in its 35th year, Gitex is heralded as one of the largest and most important ICT events around the globe Alive with the energy of the ICT sector and the buzz of real business, GITEX Technology Read More The post Visit Acunetix at Gitex Technology Week 2015 appeared first on Acunetix http://www.secuobs.com/revue/news/587205.shtmlhttp://www.secuobs.com/revue/news/587205.shtml Secuobs.com : 2015-10-19 11:36:23 - Acunetix Web Application Security Blog - Acunetix Receives 2nd highest product score for Manual Web Penetration Testing in Gartner s 2015 Critical Capabilities for Application Security Testing Report Gartner, Inc, the leading provider of research and analysis on the global information technology industry, has recognised Acunetix as a challenger, assigning Acunetix Web Vulnerability Scanner a score of 436 out of 50 in Read More The post Gartner recognizes Acunetix as a Challenger for Application Security Testing in 2015 appeared first on Acunetix http://www.secuobs.com/revue/news/587189.shtmlhttp://www.secuobs.com/revue/news/587189.shtml Secuobs.com : 2015-10-15 10:44:39 - Acunetix Web Application Security Blog - SQL is a programming language designed for managing data stored in an RDBMS, therefore SQL can be used to access, modify and delete data Furthermore, in specific cases, an RDBMS could also run commands on the operating system from an SQL statement Keeping the above in mind, when considering the following, it s easier to understand Read More The post SQLi part 2 What s the worst an attacker can do with SQL appeared first on Acunetix http://www.secuobs.com/revue/news/586826.shtmlhttp://www.secuobs.com/revue/news/586826.shtml Secuobs.com : 2015-10-13 10:16:31 - Acunetix Web Application Security Blog - A joint report analysing the cost of data breaches has been released by IBM and Ponemon Institute Having surveyed 350 companies globally, they ve found that the average cost of a data breach is increasing, having gone from 352m in 2014 to 379m in 2015 The cost per breached record has also increased, from 145 to Read More The post The 2015 Cost of Data Breach analysis by Ponemon Institute appeared first on Acunetix http://www.secuobs.com/revue/news/586514.shtmlhttp://www.secuobs.com/revue/news/586514.shtml Secuobs.com : 2015-10-12 10:17:14 - Acunetix Web Application Security Blog - Acunetix Vulnerability Scan results can now be imported into the FortiWeb Web Application Firewall WAF LONDON, 12th October 2015 Acunetix, a market leader in web application security technology, today announced that Acunetix web vulnerability scan results can now be imported into the new FortiWeb 4000E and 3000E Web Application Firewalls WAFs to automatically configure Read More The post Fortinet uses Acunetix to offer immediate Vulnerability detection appeared first on Acunetix http://www.secuobs.com/revue/news/586392.shtmlhttp://www.secuobs.com/revue/news/586392.shtml Secuobs.com : 2015-10-08 10:12:55 - Acunetix Web Application Security Blog - Acunetix Online Vulnerability Scanner OVS has been updated to provide better web and perimeter security, while providing an improved indication of the security of your assets Through this update, Acunetix OVS users can easily identify their long forgotten assets, rest assured that their servers are being constantly checked for the latest vulnerabilities The following is Read More The post Acunetix OVS updated to allow better Vulnerability Management appeared first on Acunetix http://www.secuobs.com/revue/news/586044.shtmlhttp://www.secuobs.com/revue/news/586044.shtml Secuobs.com : 2015-10-06 10:13:51 - Acunetix Web Application Security Blog - Australian department store David Jones victim of hack Australian department store giant David Jones has informed customers through a notice on their site, that they were recently hacked However, they also assured account holders that no financial data had been breached and that there was no need to take any action The Australian Federal Police Read More The post In the headlines David Jones and T-Mobile hack, remote code execution bugs, WinRAR vulnerability, and more appeared first on Acunetix http://www.secuobs.com/revue/news/585760.shtmlhttp://www.secuobs.com/revue/news/585760.shtml Secuobs.com : 2015-10-05 11:37:22 - Acunetix Web Application Security Blog - In this 6 part series on SQLi SQL Injection we shall be describing the vulnerability and its variants, showing how it works and what an attacker can do with it SQL injection SQLi refers to an injection attack wherein an attacker can execute malicious SQL statements also commonly referred to as a malicious payload that Read More The post SQLi How it works Part 1 appeared first on Acunetix http://www.secuobs.com/revue/news/585658.shtmlhttp://www.secuobs.com/revue/news/585658.shtml Secuobs.com : 2015-10-01 11:40:37 - Acunetix Web Application Security Blog - With Acunetix Web Vulnerability Scanner WVS , you can create a custom cookie which can be used during a website crawl to emulate a user or to automatically login to a section of the website without requiring the Login Sequence Recorder In order to add a custom cookie Navigate to Configuration Scan Settings Custom Read More The post Scanning for vulnerabilities using Custom Cookies appeared first on Acunetix http://www.secuobs.com/revue/news/585327.shtmlhttp://www.secuobs.com/revue/news/585327.shtml Secuobs.com : 2015-09-29 11:36:04 - Acunetix Web Application Security Blog - The Acunetix Port Scanner performs a port scan against the server hosting the scanned website When open ports are found, Acunetix Web Vulnerability Scanner will proceed with network level security checks against the network service running on that port, such as DNS Open Recursion tests, badly configured proxy server tests, weak SNMP community strings, and Read More The post Acunetix Port Scanner appeared first on Acunetix http://www.secuobs.com/revue/news/584994.shtmlhttp://www.secuobs.com/revue/news/584994.shtml Secuobs.com : 2015-09-29 10:26:55 - Acunetix Web Application Security Blog - This article explains how to retain your settings and reports database while upgrading between versions of Acunetix WVS Note that the procedure to upgrade to a newer build within the same version is different It is recommended that you backup your settings before proceeding with the upgrade Perform the following to upgrade a previous version Read More The post Upgrading from a previous version of Acunetix WVS appeared first on Acunetix http://www.secuobs.com/revue/news/584985.shtmlhttp://www.secuobs.com/revue/news/584985.shtml Secuobs.com : 2015-09-28 12:43:45 - Acunetix Web Application Security Blog - Acunetix WVS v10 build 20150921 has been released This new build checks for Cross Site Scripting in mobile-touch event handlers and for various vulnerabilities in products such as Composer, Zend Framework, AjaxControlToolkit and others Below is a full list of updates New Features Added a new test looking for development configuration files such as Vagrantfile, Read More The post Acunetix 10 new build checks for vulnerabilities in Composer, Zend Framework, AjaxControlToolkit appeared first on Acunetix http://www.secuobs.com/revue/news/584869.shtmlhttp://www.secuobs.com/revue/news/584869.shtml Secuobs.com : 2015-09-28 11:23:40 - Acunetix Web Application Security Blog - South Africa is the latest country taking measures to tighten up on cyber crime In the draft of their Cybercrimes and Cyber Security bill, are included explicit penalties for cyber crimes, ranging from fines to a maximum of 25 years in prison The draft includes mention of areas where the current South African laws have Read More The post South African cyber crimes bill released, includes 25 year sentencing appeared first on Acunetix http://www.secuobs.com/revue/news/584844.shtmlhttp://www.secuobs.com/revue/news/584844.shtml Secuobs.com : 2015-09-23 12:20:34 - Acunetix Web Application Security Blog - South Korea has had over 110,000 cyber attacks in the last 5 years A recently released report has revealed that South Korean government agencies were subject to over 114,000 cyber attacks in the last five years The report, compiled using data from the National Computing and Information Agency shows that the departments targeted most frequently Read More The post In the headlines South Korea s cyber attacks, DHS networks, Adobe Shockwave Player and more appeared first on Acunetix http://www.secuobs.com/revue/news/584413.shtmlhttp://www.secuobs.com/revue/news/584413.shtml Secuobs.com : 2015-09-22 10:27:37 - Acunetix Web Application Security Blog - A fundamental aspect of web applications which developers should bear in mind is securing the input inserted by the user Many times, due to lack of attention or understanding, programmers might ignore the review of the code, resulting in security breaches, which through exploiting represent a threat to the confidentiality of the users data and Read More The post XSS in Google Feedburner appeared first on Acunetix http://www.secuobs.com/revue/news/584239.shtmlhttp://www.secuobs.com/revue/news/584239.shtml Secuobs.com : 2015-09-15 13:27:18 - Acunetix Web Application Security Blog - Comguard, an exclusive Acunetix distributor for UAE, is organising a Webinar together with the Acunetix Support Team for customers to learn more about the USPs of the product and to help generate sales Register today Acunetix Webinar Monday, 21 September 2015 11 30 Arabian Time Abu Dhabi, Muscat, GMT 04 00 1 hr 30 mins Read More The post Webinar Grow your business with Acunetix appeared first on Acunetix http://www.secuobs.com/revue/news/583536.shtmlhttp://www.secuobs.com/revue/news/583536.shtml Secuobs.com : 2015-09-10 10:40:25 - Acunetix Web Application Security Blog - Windows 10 Keylogger and how to switch it off When the first Windows 10 preview was released, there were reports of it containing a keylogger It now appears that this feature did indeed make it into the released version, via the Windows helper Cortana As Microsoft themselves state When you interact with your Windows device Read More The post In the headlines FireEye and Kaspersky vulnerabilities, Windows 10 Keylogger and more appeared first on Acunetix http://www.secuobs.com/revue/news/582945.shtmlhttp://www.secuobs.com/revue/news/582945.shtml Secuobs.com : 2015-09-09 10:46:30 - Acunetix Web Application Security Blog - Cross-site Scripting XSS has been making the Top 5 list of exploitable vulnerabilities since it was first discovered way back in the 1990s The term XSS refers to a client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application XSS is notoriously amongst the most rampant of Read More The post Cross-site Scripting and its variants explained appeared first on Acunetix http://www.secuobs.com/revue/news/582792.shtmlhttp://www.secuobs.com/revue/news/582792.shtml Secuobs.com : 2015-09-07 11:40:36 - Acunetix Web Application Security Blog - Every week the headlines carry news of high profile cyber-attacks, in fact every day cyber criminals compromise thousands of websites often without the site owner knowing A recent study of 15,000 websites found nearly half contained a high-severity vulnerability waiting to be exploited Acunetix Web Application Vulnerability Report 2015 The sad fact is that Read More The post What preventive steps can SMEs take to reduce the chance of cyber-attack appeared first on Acunetix http://www.secuobs.com/revue/news/582592.shtmlhttp://www.secuobs.com/revue/news/582592.shtml Secuobs.com : 2015-09-04 09:41:06 - Acunetix Web Application Security Blog - Netflix has released an open source tool that their engineering team have developed in-house that can find second-order XSS vulnerabilities in web applications The tool is called Sleepy Puppy, and while it s a good initiative from Netflix, the auto-detection of Delayed XSS is nothing new In August 2013, Acunetix announced it s 9th edition of it s flagship Read More The post Netflix Sleepy Puppy Nothing new appeared first on Acunetix http://www.secuobs.com/revue/news/582414.shtmlhttp://www.secuobs.com/revue/news/582414.shtml Secuobs.com : 2015-09-01 13:36:08 - Acunetix Web Application Security Blog - Many websites include web forms that capture visitor data, such as download forms Acunetix Web Vulnerability Scanner can be configured to automatically submit random data or specific values to web forms during the crawl and scan stages of a security audit By default, Acunetix Web Vulnerability Scanner uses a generic submit rule that will submit generic Read More The post Acunetix WVS Input Fields appeared first on Acunetix http://www.secuobs.com/revue/news/582016.shtmlhttp://www.secuobs.com/revue/news/582016.shtml Secuobs.com : 2015-09-01 12:23:30 - Acunetix Web Application Security Blog - Everything is geared to IT security at it-sa which is to be held in Nuremberg, Germany between the 6th to 8th October 2015 Use this opportunity to exchange views with the leading IT security experts and source information on the latest products and services Besides solutions for IT security and the top issues of cloud Read More The post IT Security Expo and Congress it-sa 2015 appeared first on Acunetix http://www.secuobs.com/revue/news/582010.shtmlhttp://www.secuobs.com/revue/news/582010.shtml Secuobs.com : 2015-08-31 12:28:37 - Acunetix Web Application Security Blog - The mainstream media is in a frenzy about the Ashley Madison hack, and with good reason Aside from the shady social and moral motives that most people are criticising Avid Life Media the site s owners about, the breach is a notable one in terms of what the attackers made off with Among the stolen data Read More The post Password hashing and the Ashley Madison hack appeared first on Acunetix http://www.secuobs.com/revue/news/581915.shtmlhttp://www.secuobs.com/revue/news/581915.shtml Secuobs.com : 2015-08-28 11:41:50 - Acunetix Web Application Security Blog - Acunetix General Manager, Chris Martin was interviewed by Len Rust for the popular Australasian ICT news platform Rust Report during Cebit in Sydney Australia 2015 In his interview, Mr Martin gives a brief overview of the company, describes what sets Acunetix apart from its competitors, and talks about the company s greatest challenges and opportunities Read More The post Acunetix GM interviewed on Rust Report appeared first on Acunetix http://www.secuobs.com/revue/news/581702.shtmlhttp://www.secuobs.com/revue/news/581702.shtml Secuobs.com : 2015-08-28 10:16:24 - Acunetix Web Application Security Blog - Join network security industry leaders at America s Center Convention Complex for St Louis SecureWorld 2015 to be held on September 22nd and 23rd Alliance Partners and Acunetix will be exhibiting at Booth 305 Find out more on keynotes and speakers and register for conference discounts today Read More The post Secureworld St Louis Cyber Security Conference appeared first on Acunetix http://www.secuobs.com/revue/news/581693.shtmlhttp://www.secuobs.com/revue/news/581693.shtml Secuobs.com : 2015-08-27 11:15:24 - Acunetix Web Application Security Blog - Adultery site data hits the web with serious consequences The Ashley Madison hack continues to grab headlines, with a reported 39GB of data having now been dumped online What also emerged from the leaked data is that around 90pourcents of users were in fact male Some minor celebrities have had fingers pointed and there have Read More The post In the headlines Ashley Madison hack, new Flash vulnerabilities, Stolen IRS tax records and more appeared first on Acunetix http://www.secuobs.com/revue/news/581569.shtmlhttp://www.secuobs.com/revue/news/581569.shtml Secuobs.com : 2015-08-19 12:23:32 - Acunetix Web Application Security Blog - The WordPress team have just announced that the 43 release of the massively popular blogging and content management software has been released to the public While there are some interesting new usability features, the WordPress team have also released a new security feature that deals with the way passwords are reset The new and improved Read More The post WordPress 43 Billie improves password resets appeared first on Acunetix http://www.secuobs.com/revue/news/580674.shtmlhttp://www.secuobs.com/revue/news/580674.shtml Secuobs.com : 2015-08-18 15:29:30 - Acunetix Web Application Security Blog - Oracle publish then delete blog whining about bug finders We re well in the age of the bug bounty , where companies have cottoned on to the fact that it s safer to pay those who discover security flaws in their products, than risk them being published and exploited Well, apparently Oracle s CSO begs to differ, as exposed Read More The post In the headlines Oracle CSO fracas, Wassenaar re-evaluated, car hacking lawsuits and more appeared first on Acunetix http://www.secuobs.com/revue/news/580563.shtmlhttp://www.secuobs.com/revue/news/580563.shtml Secuobs.com : 2015-08-11 13:26:06 - Acunetix Web Application Security Blog - Chinese Internet Policing Becomes Literal China is well known for having some of the strictest internet restrictions in the world and the level of control from the government is now set to increase further, with police being posted at the larger internet companies The government claims this initiative is designed to strengthen national security by Read More The post In the headlines Chinese VPN Services, MasterCard survey, Firefox Exploit and more appeared first on Acunetix http://www.secuobs.com/revue/news/579827.shtmlhttp://www.secuobs.com/revue/news/579827.shtml Secuobs.com : 2015-07-31 12:14:50 - Acunetix Web Application Security Blog - Acunetix WVS v10 has introduced several new features, including an entirely re-engineered Login Sequence Recorder The feature we re going to be focusing on in this post is the ability to import the output of other tools into Acunetix WVS to facilitate the testing process of complex web applications and web services The crawler can automatically crawl practically Read More The post External Tools Support in v10 appeared first on Acunetix http://www.secuobs.com/revue/news/578991.shtmlhttp://www.secuobs.com/revue/news/578991.shtml Secuobs.com : 2015-07-31 12:14:50 - Acunetix Web Application Security Blog - Business logic in web applications refers to the encoding of real-world business rules that determine how data should be created, displayed, stored, and changed in a workflow-style process Applications implementing business logic are not easy to test automatically because they are meant to be used and understood by humans, not automated software So for example, Read More The post Business Logic Security Testing with Acunetix v10 appeared first on Acunetix http://www.secuobs.com/revue/news/578990.shtmlhttp://www.secuobs.com/revue/news/578990.shtml Secuobs.com : 2015-07-30 20:46:45 - Acunetix Web Application Security Blog - Major Android vulnerability leaves billions of devices open to attack This week saw some serious Android vulnerabilities hit the headlines according to various reports these affect 95pourcents of Android devices, allowing them to be hacked simply be receiving an MMS message The six vulnerabilities are said to be the worst Android vulnerabilities ever uncovered The Read More The post In the headlines Android vulnerabilities, MongoDB database and more appeared first on Acunetix http://www.secuobs.com/revue/news/578937.shtmlhttp://www.secuobs.com/revue/news/578937.shtml Secuobs.com : 2015-07-29 19:18:40 - Acunetix Web Application Security Blog - The new Login Sequence Recorder LSR in version 10 is probably the most evident change to the product The LSR has been re-engineered from the ground up to better meet the requirements of crawling and scanning modern web applications The new LSR helps pen-testers and quality assurance engineers alike by simplifying the testing of applications Read More The post Why a new Login Sequence Recorder, and what it means to users appeared first on Acunetix http://www.secuobs.com/revue/news/578786.shtmlhttp://www.secuobs.com/revue/news/578786.shtml Secuobs.com : 2015-07-29 19:18:40 - Acunetix Web Application Security Blog - Any webmaster who has administered a blog with comments enabled or a forum knows all too well what a nightmare spam comment and post can be While spam remains a problem, there are a lot of options most notably Akismet for WordPress how you can go about reducing it Spam is annoying, a nightmare to Read More The post Scanning for malicious links and phishing links appeared first on Acunetix http://www.secuobs.com/revue/news/578785.shtmlhttp://www.secuobs.com/revue/news/578785.shtml Secuobs.com : 2015-07-24 11:30:28 - Acunetix Web Application Security Blog - Google calls Wassenaar rules unfeasible The Wassenaar rules potential transposition into US law came to light a few weeks ago and just as the open comments on the proposal come to an end, Google have officially spoken out against the proposal We believe that these proposed rules, as currently written, would have a significant negative Read More The post In the headlines Ashleymadisoncom, CVS pharmacy, Jeep hack and more appeared first on Acunetix http://www.secuobs.com/revue/news/578229.shtmlhttp://www.secuobs.com/revue/news/578229.shtml Secuobs.com : 2015-07-24 09:37:24 - Acunetix Web Application Security Blog - Acunetix has exhibited at RSA Conference Asia Pacific Japan between the 22 24 July at the Marina Bay Sands, Singapore Read More The post Acunetix exhibits at RSA Conference Asia Pacific Japan appeared first on Acunetix http://www.secuobs.com/revue/news/578210.shtmlhttp://www.secuobs.com/revue/news/578210.shtml Secuobs.com : 2015-07-21 12:34:12 - Acunetix Web Application Security Blog - Black Hat USA is one of the biggest security events on the global calendar now in its 18th year the six day event is well attended by the security staff of some of the biggest companies, with many having more than 5000 employees Therefore, this is an excellent place to hold a survey about cyber Read More The post Black Hat Infosecurity Report reviewed appeared first on Acunetix http://www.secuobs.com/revue/news/577809.shtmlhttp://www.secuobs.com/revue/news/577809.shtml Secuobs.com : 2015-07-15 12:44:34 - Acunetix Web Application Security Blog - Hacking Team data leak result of Adobe Flash Zero day vulnerability If you ve seen any security news this last week then it will have been impossible to miss the fact that Italian security company Hacking Team suffered a breach The implications of this are huge, largely because of their, previously classified, customer base It was Read More The post In the headlines Adobe Flash zero day and Java zero day vulnerabilities, and more appeared first on Acunetix http://www.secuobs.com/revue/news/577139.shtmlhttp://www.secuobs.com/revue/news/577139.shtml Secuobs.com : 2015-07-15 11:30:38 - Acunetix Web Application Security Blog - 50pourcents of businesses would fail at PCI compliance London, 13th July 2015 A new report on 5,500 companies comprising 15,000 website and network scans, performed on over 19 million files, finds nearly half of the web applications scanned contained a high security vulnerability such as XSS or SQL Injection, while almost 4 in 5 Read More The post Nearly all websites have serious security vulnerabilities new research shows appeared first on Acunetix http://www.secuobs.com/revue/news/577126.shtmlhttp://www.secuobs.com/revue/news/577126.shtml Secuobs.com : 2015-07-08 15:26:23 - Acunetix Web Application Security Blog - Last Monday, OpenSSL core team member Mark J Cox, delivered some, grim, but somewhat expected news on OpenSSL s mailing list A new version of OpenSSL is due to be released this Thursday 9th July, fixing a single security defect classified as high severity OpenSSL is a widely used open-source toolkit for implementing the SSL TLS protocols, Read More The post Is the new OpenSSL vulnerability Heartbleed all over again appeared first on Acunetix http://www.secuobs.com/revue/news/576475.shtmlhttp://www.secuobs.com/revue/news/576475.shtml Secuobs.com : 2015-07-08 14:17:10 - Acunetix Web Application Security Blog - Last Monday, OpenSSL core team member Mark J Cox, delivered some, grim, but somewhat expected news on OpenSSL s mailing list A new version of OpenSSL is due to be released this Thursday 9th July, fixing a single security defect classified as high severity OpenSSL is a widely used open-source toolkit for implementing the SSL TLS Read More The post Is OpenSSL s new mystery bug Heartbleed all over again appeared first on Acunetix http://www.secuobs.com/revue/news/576459.shtmlhttp://www.secuobs.com/revue/news/576459.shtml Secuobs.com : 2015-07-08 12:16:08 - Acunetix Web Application Security Blog - A year after the release of the online version of our vulnerability scanner in March 2014, Acunetix have aggregated the findings of over 15,000 scans performed on 19 million files over the past 12 months with some interesting results The report details the most common vulnerabilities found, how often they occurred and which bugs our users Read More The post Acunetix Web Application Vulnerability Report 2015 appeared first on Acunetix http://www.secuobs.com/revue/news/576456.shtmlhttp://www.secuobs.com/revue/news/576456.shtml Secuobs.com : 2015-07-07 14:15:07 - Acunetix Web Application Security Blog - Acunetix Web Vulnerability Scanner version 10 build 20150707 has been updated to include new vulnerability checks, including the detection of Same Origin Method Execution, XSLT Injection, Blind ut of band Remote Code Execution and Blind out of band SQL Injection This build also includes various updates to the new Login Sequence Recorder The following is Read More The post Acunetix updated to detect vulnerabilities including Blind Out-of-band SQLi and RCE appeared first on Acunetix http://www.secuobs.com/revue/news/576352.shtmlhttp://www.secuobs.com/revue/news/576352.shtml Secuobs.com : 2015-07-07 12:31:05 - Acunetix Web Application Security Blog - Acunetix AcuMonitor is a free intermediary service that helps detect second-order vulnerabilities ie vulnerabilities that do not provide a response to a scanner during testing during a scan AcuMonitor made its debut with Acunetix WVS version 9 Since then, we ve continuously improved the service and the number of vulnerabilities it can detect With the latest Read More The post Blind Out-of-band SQL Injection vulnerability testing added to AcuMonitor appeared first on Acunetix http://www.secuobs.com/revue/news/576338.shtmlhttp://www.secuobs.com/revue/news/576338.shtml Secuobs.com : 2015-07-07 12:31:05 - Acunetix Web Application Security Blog - Similar to Blind Out-of-band SQL Injection vulnerabilities, AcuMonitor can now detect Blind Out-of-band Remote Code Execution vulnerabilities Let s consider a vulnerable PHP application that contains the following code cmd isset GET '1' GET '1' '' if cmd exec 'ping -c 1 ' cmd This application executes a shell command that is composed from Read More The post Blind Out-of-band Remote Code Execution vulnerability testing added to AcuMonitor appeared first on Acunetix http://www.secuobs.com/revue/news/576337.shtmlhttp://www.secuobs.com/revue/news/576337.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - Successful automated web security testing is all about being able to test a broad range of technologies effectively in a scalable manner We are proud to introduce Acunetix Web Vulnerability Scanner version 10, featuring the all new Login Sequence Recorder allowing you to easily teach the scanner how to login to a website or web Read More The post VIDEO What s New in Acunetix WVS 10 appeared first on Acunetix http://www.secuobs.com/revue/news/575233.shtmlhttp://www.secuobs.com/revue/news/575233.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - Acunetix WVS v10 improves its support for crawling and identifying vulnerabilities in various web technologies This is the result of feedback gathered during the past months from our user-base Keeping abreast with updates to web technologies is of utmost importance, as it allows Acunetix to detect web vulnerabilities in the websites that are developed using Read More The post Increased support for REST, Java and Ruby on Rails testing appeared first on Acunetix http://www.secuobs.com/revue/news/575232.shtmlhttp://www.secuobs.com/revue/news/575232.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - As from Acunetix WVS v10, an Acunetix crawl can be pre-seeded using various techniques Pre-seeding an Acunetix Crawl with such data gives the Acunetix Crawler a head start when scanning the site, while ensuring that the requests already captured using other tools are not missed by the Acunetix Crawler This may happen when there are Read More The post Pre-seeding a crawl using output from Fiddler, Burp, Selenium and HAR files appeared first on Acunetix http://www.secuobs.com/revue/news/575231.shtmlhttp://www.secuobs.com/revue/news/575231.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - As from Acunetix WVS v10, an Acunetix crawl can be pre-seeded using various techniques, one of which is by using a 3rd party command line tool or a custom script This is very useful when an automated Acunetix scan needs to be done on a website which is already being probed using such custom tools Read More The post How to pre-seed a crawl using a 3rd party command line tool custom script appeared first on Acunetix http://www.secuobs.com/revue/news/575230.shtmlhttp://www.secuobs.com/revue/news/575230.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - As from Acunetix WVS v10, an Acunetix crawl can be pre-seeded using various techniques, one of which is by using Selenium Scripts This is very useful when an automated Acunetix scan needs to be done on a website which is already being automatically tested using Selenium Pre-seeding an Acunetix Crawl with such data gives the Read More The post How to pre-seed a crawl using Selenium scripts appeared first on Acunetix http://www.secuobs.com/revue/news/575229.shtmlhttp://www.secuobs.com/revue/news/575229.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - As from Acunetix WVS v10, an Acunetix crawl can be pre-seeded using various techniques, one of which is by using an HTTP Archive HAR This is very useful when connections to the website have already been assessed using other tools that support exporting the HTTP connections to aHAR file The Development Tools of most modern Read More The post How to pre-seed a crawl using an HTTP Archive HAR file appeared first on Acunetix http://www.secuobs.com/revue/news/575228.shtmlhttp://www.secuobs.com/revue/news/575228.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - As from Acunetix WVS v10, an Acunetix crawl can be pre-seeded using various techniques, one of which is by using Saved Items and State files from Burp Suite This is very useful when an automated Acunetix scan needs to be done following the assessment of the same website using Burp Pre-seeding an Acunetix Crawl with Read More The post How to pre-seed a crawl using Burp Saved Items and Burp State files appeared first on Acunetix http://www.secuobs.com/revue/news/575227.shtmlhttp://www.secuobs.com/revue/news/575227.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - As from Acunetix WVS v10, an Acunetix crawl can be pre-seeded using various techniques, one of which is by using a Fiddler Session Archive, which are generally stored as saz files This is very useful when connections to the web site that is to be assessed have already been proxied through Fiddler as part of Read More The post How to pre-seed a crawl using a Fiddler Session Archive saz file appeared first on Acunetix http://www.secuobs.com/revue/news/575226.shtmlhttp://www.secuobs.com/revue/news/575226.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - As from Acunetix WVS v10, an Acunetix crawl can be pre-seeded using various techniques, one of which is by using a log file exported from the Acunetix HTTP Sniffer This is very useful when connections to the website have already been captured when manually assessing the website using the Acunetix HTTP Sniffer Pre-seeding an Acunetix Read More The post How to pre-seed a crawl using an Acunetix HTTP Sniffer log file appeared first on Acunetix http://www.secuobs.com/revue/news/575225.shtmlhttp://www.secuobs.com/revue/news/575225.shtml Secuobs.com : 2015-06-24 11:26:32 - Acunetix Web Application Security Blog - Acunetix Vulnerability Scanner v10 On premise and Online includes a malware detection service that detects URLs linking to external sites known to host malware or that are known to be used for phishing attacks Such links may indicate that the site being scanned has either been compromised, or that somehow an attacker has managed to Read More The post Detecting malware and phishing links using Acunetix WVS appeared first on Acunetix http://www.secuobs.com/revue/news/575224.shtmlhttp://www.secuobs.com/revue/news/575224.shtml Secuobs.com : 2015-06-23 11:20:04 - Acunetix Web Application Security Blog - Windows 10 due to support SSH As you should now have heard, or as you might notice from the new little Windows icon on your taskbar, Windows 10 is due to be released at the end of July The most interesting bit of news from a security point of view is that Microsoft are introducing Read More The post In the headlines Windows 10, Drupal, GitHub and more appeared first on Acunetix http://www.secuobs.com/revue/news/575062.shtmlhttp://www.secuobs.com/revue/news/575062.shtml Secuobs.com : 2015-06-10 10:28:01 - Acunetix Web Application Security Blog - As a pen-tester, there are going to be situations where you will be asked to provide evidence of the seriousness of a vulnerability that has been identified There is ample documentation on how to do this for the more common vulnerabilities such as Cross Site Scripting XSS or SQL Injection But what if you need to Read More The post Using an SSRF vulnerability to scan the web server s network appeared first on Acunetix http://www.secuobs.com/revue/news/573550.shtmlhttp://www.secuobs.com/revue/news/573550.shtml Secuobs.com : 2015-06-09 17:37:23 - Acunetix Web Application Security Blog - In Australia, the government provides formal guidance regarding cyber security in the form of the Strategies to Mitigate Targeted Cyber Intrusions document, issued by the Department of Defence This ties with the statutory information security compliance which anyone handling Australian Government data is subject to They also rank these in order of importance from essential Read More The post ASD Strategies to Mitigate Targeted Cyber Intrusions appeared first on Acunetix http://www.secuobs.com/revue/news/573483.shtmlhttp://www.secuobs.com/revue/news/573483.shtml Secuobs.com : 2015-06-04 12:32:01 - Acunetix Web Application Security Blog - The UK 2015 information security breaches survey has just been published, showing as anticipated that just about every aspect of security breaches is on the increase A staggering 90pourcents of large organisations surveyed admitted to having experienced at least one breach within the last year, up 9pourcents from the previous year Similarly small business breaches Read More The post UK 2015 information security breaches survey appeared first on Acunetix http://www.secuobs.com/revue/news/572983.shtmlhttp://www.secuobs.com/revue/news/572983.shtml Secuobs.com : 2015-05-28 12:27:00 - Acunetix Web Application Security Blog - If you work in the realm of cyber security and monitor its goings-on then you will probably have come across this hashtag lately wassenaar Here we re going to explain what s happening, what exactly it means and how it might affect you Wassenaar is the name of the town in the Netherlands where, in 1996, 41 Read More The post The What, Why and How of Wassenaar appeared first on Acunetix http://www.secuobs.com/revue/news/572219.shtmlhttp://www.secuobs.com/revue/news/572219.shtml Secuobs.com : 2015-05-27 10:25:46 - Acunetix Web Application Security Blog - mSpy surveillance service hacked In a somewhat ironic turn of events, mSpy, a provider of software allowing people to track others such as their children or spouses, has admitted to suffering a data breach The news emerged through the Krebs on Security blog by security expert Brian Krebs, who was anonymously directed to the data Read More The post In the headlines mSpy, Friend Finder and more appeared first on Acunetix http://www.secuobs.com/revue/news/572065.shtmlhttp://www.secuobs.com/revue/news/572065.shtml Secuobs.com : 2015-05-21 19:36:05 - Acunetix Web Application Security Blog - Telstra, Australia s largest telephone operating company, revealed yesterday that its internal corporate network Pacnet had been compromised via an SQL Injection attack So far it is not yet known what exactly was taken from the network, but it is clear that the perpetrators had complete access to the corporate network, including email and admin systems Read More The post Telstra reveals Pacnet succumbs to SQLi attack appeared first on Acunetix http://www.secuobs.com/revue/news/571567.shtmlhttp://www.secuobs.com/revue/news/571567.shtml Secuobs.com : 2015-05-18 12:35:41 - Acunetix Web Application Security Blog - Acunetix exhibited at CeBIT, Sydney Olympic Park, Australia between 5-7 May 2015 Thank you to all prospective customers and resellers who visited our stand Read More The post CeBit Australia 2015 highlights appeared first on Acunetix http://www.secuobs.com/revue/news/571047.shtmlhttp://www.secuobs.com/revue/news/571047.shtml Secuobs.com : 2015-05-11 10:35:31 - Acunetix Web Application Security Blog - Acunetix recently travelled to San Francisco to exhibit at the RSA Conference 2015 This week-long conference was attended by over 30,000 security professionals A big thank you goes out to all who dropped by the Acunetix stand Read More The post RSA Conference 2015 Highlights appeared first on Acunetix http://www.secuobs.com/revue/news/570305.shtmlhttp://www.secuobs.com/revue/news/570305.shtml Secuobs.com : 2015-05-07 15:16:59 - Acunetix Web Application Security Blog - Hundreds of WordPress themes and plugins that make use of the Genericons package, could be vulnerable to a DOM-based XSS vulnerability affecting millions of WordPress installations Genericons are versatile vector icons embedded in a webfont from Automattic the creators of WordPress The vulnerability resides in the exampleshtml file included in the Genericons package by default Read More The post Genericons DOM-based XSS Vulnerability appeared first on Acunetix http://www.secuobs.com/revue/news/570038.shtmlhttp://www.secuobs.com/revue/news/570038.shtml Secuobs.com : 2015-05-05 10:38:05 - Acunetix Web Application Security Blog - Existing customers awarded their license equivalent in free network scans London, 5th May 2015 Acunetix have announced that they are extending their current free offering of the network security scan, part of their cloud-based web and network vulnerability scanner Those signing up for a trial of the online version of Acunetix vulnerability scanner will Read More The post Double the bang for your buck with Acunetix Vulnerability Scanner appeared first on Acunetix http://www.secuobs.com/revue/news/569709.shtmlhttp://www.secuobs.com/revue/news/569709.shtml Secuobs.com : 2015-05-04 18:05:50 - Acunetix Web Application Security Blog - A Free Scan Target is a network server that can be configured in Acunetix OVS and which can be scanned for network vulnerabilities During the trial, Acunetix OVS users can configure up to 3 scan targets to test Acunetix These Scan Targets will be automatically converted to Free Scan Targets after the Acunetix OVS trial Read More The post What is a Free Scan Target appeared first on Acunetix http://www.secuobs.com/revue/news/569625.shtmlhttp://www.secuobs.com/revue/news/569625.shtml Secuobs.com : 2015-05-04 18:05:50 - Acunetix Web Application Security Blog - Acunetix OVS users can configure Free Scan Targets which can be scanned for network vulnerabilities These can be easily added to your Acunetix OVS account Login to Acunetix OVS from https ovsacunetixcom From Scan Targets, select Add Scan Target Configure the new scan target If you are a customer, select Free Scan Target Network Scans Only Read More The post How to configure a Free Scan Target in Acunetix OVS appeared first on Acunetix http://www.secuobs.com/revue/news/569624.shtmlhttp://www.secuobs.com/revue/news/569624.shtml Secuobs.com : 2015-05-04 18:05:50 - Acunetix Web Application Security Blog - After your 14 day Acunetix OVS trial expires, the scan targets that you have configured in Acunetix OVS will be automatically converted to Free Scan Targets You can continue scanning up to 3 perimeter servers for network vulnerabilities Read More The post Can I continue scanning my targets after my Acunetix OVS trial expires appeared first on Acunetix http://www.secuobs.com/revue/news/569623.shtmlhttp://www.secuobs.com/revue/news/569623.shtml Secuobs.com : 2015-05-04 18:05:50 - Acunetix Web Application Security Blog - Free Scan Targets pertain to perimeter servers which you can scan for network vulnerabilities only Acunetix OVS customers can upgrade a Free Scan Target to a licensed Scan Target in order to scan the target for web vulnerabilities This can be done by clicking on the Upgrade button when editing the Scan Target Read More The post Can I use a Free Scan Target to scan for web vulnerabilities appeared first on Acunetix http://www.secuobs.com/revue/news/569622.shtmlhttp://www.secuobs.com/revue/news/569622.shtml Secuobs.com : 2015-04-29 10:30:28 - Acunetix Web Application Security Blog - Verizon s annual report, now in its eighth year, analyzes breach intelligence and data from multiple sources, including customers of Verizon s forensics response division and customers of FireEye, the firm that investigated the recent hack of Sony Pictures Entertainment It also examines data from cases investigated by law enforcement agencies, and from government and industry computer Read More The post What the Verizon Report 2015 tells us about web app attacks appeared first on Acunetix http://www.secuobs.com/revue/news/569117.shtmlhttp://www.secuobs.com/revue/news/569117.shtml Secuobs.com : 2015-04-28 15:18:05 - Acunetix Web Application Security Blog - Yesterday, WordPress announced another security release, urging all users to update all WordPress installations immediately WordPress Security Release 421 fixes yet another Stored Cross Site Scripting XSS vulnerability, which allows an unauthenticated user to inject JavaScript in WordPress comments The injected script can be affect both WordPress users and WordPress administrators, and therefore this vulnerability is Read More The post WordPress 421 Security Release addresses yet another XSS vulnerability appeared first on Acunetix http://www.secuobs.com/revue/news/569030.shtmlhttp://www.secuobs.com/revue/news/569030.shtml Secuobs.com : 2015-04-27 11:38:53 - Acunetix Web Application Security Blog - Acunetix allowed us to identify some major vulnerabilities before hackers were able to exploit them This has made Sendy a far more secure application and hugely reduced the risk of us being breached Ben Ho, Developer, Sendy Sendy is a self hosted email newsletter application designed to send trackable emails via Amazon Simple Email Service Read More The post Acunetix helps Sendy discover and remediate their vulnerabilities appeared first on Acunetix http://www.secuobs.com/revue/news/568867.shtmlhttp://www.secuobs.com/revue/news/568867.shtml Secuobs.com : 2015-04-22 16:16:37 - Acunetix Web Application Security Blog - Yesterday, WordPress 412 was released This is a very important security release, which addresses a critical cross-site scripting XSS vulnerability, which could allow an anonymous user to compromise a WordPress site The security release also addresses 3 other vulnerabilities affecting previous releases of WordPress In WordPress 41 and higher, files with invalid or unsafe names Read More The post Critical XSS vulnerability addressed in latest WordPress update appeared first on Acunetix http://www.secuobs.com/revue/news/568327.shtmlhttp://www.secuobs.com/revue/news/568327.shtml Secuobs.com : 2015-04-22 10:34:20 - Acunetix Web Application Security Blog - The PCI Security Council recently confirmed that the upcoming update to the PCI DSS guidelines, version 31 will include a change pressing companies to switch to TLS web encryption as opposed to the outdated SSL This is mainly a response to Heartbleed, ShellShock and POODLE, bugs discovered in 2014 which revealed a number of weaknesses Read More The post PCI Security Council presses companies to switch to TLS appeared first on Acunetix http://www.secuobs.com/revue/news/568251.shtmlhttp://www.secuobs.com/revue/news/568251.shtml Secuobs.com : 2015-04-20 10:39:08 - Acunetix Web Application Security Blog - Catertrax, one of Acunetix valued clients, have recently provided us with a case study of their use of the scanner and how it helps them to maintain their security and reassure their customers Acunetix has helped make our application stronger and given our clients the assurance that their data is safe Benjamin De Point, VP Read More The post Acunetix Dishes Out Security Solution to Catertrax appeared first on Acunetix http://www.secuobs.com/revue/news/567870.shtmlhttp://www.secuobs.com/revue/news/567870.shtml Secuobs.com : 2015-04-16 15:17:42 - Acunetix Web Application Security Blog - On 9, 10 April Acunetix partner RedShift consulting participated in the 1st NATO Cyber Defence Projects s Conference A Smart Approach to a Smarter Cyber Defence in Portugal The event aimed to enhance and reinforce international cooperation by stimulating the involvement of academia and industry at the NATO and National Cyber Defence capability development processes RedShift Consulting were a Gold Read More The post Acunetix represented at national conference in Portugal appeared first on Acunetix http://www.secuobs.com/revue/news/567651.shtmlhttp://www.secuobs.com/revue/news/567651.shtml Secuobs.com : 2015-04-15 12:31:07 - Acunetix Web Application Security Blog - Yesterday was Patch Tuesday Microsoft s monthly rendezvous with all administrators wanting to keep their Microsoft products up to date with all security patches This was no ordinary Patch Tuesday for web administrators MS15-034 contains a CRITICAL security update for Microsoft IIS which addresses a remote code execution vulnerability, CVE-2015-034, which in simple terms, allows an attacker Read More The post Acunetix detects new critical IIS server vulnerability CVE-2015-1635 MS15-034 appeared first on Acunetix http://www.secuobs.com/revue/news/567434.shtmlhttp://www.secuobs.com/revue/news/567434.shtml Secuobs.com : 2015-04-14 15:18:00 - Acunetix Web Application Security Blog - Despite first being disclosed in April of 2014, it seems that many of the top global organisations are still exposed to the Heartbleed vulnerability In reports from threat intelligence agencies and the University of Maryland, estimates of susceptibility among the top 2000 global organisations ranges between 70 and 85pourcents While it s believed many of these Read More The post Heartbleed still affecting over 70pourcents of top organisations appeared first on Acunetix http://www.secuobs.com/revue/news/567266.shtmlhttp://www.secuobs.com/revue/news/567266.shtml Secuobs.com : 2015-04-11 15:32:42 - Acunetix Web Application Security Blog - Acunetix, will be exhibiting at CeBIT, Sydney Olympic Park, Australia between 5-7 May 2015 Register Now with Promo Code acundk, selecting the expo pass to receive A complimentary entry to the expo Access to one campus session Complimentary train ticket to from Sydney Olympic Park What s On at CeBIT 2015 Connect with global thought leaders at the Read More The post Acunetix attending CeBIT 2015 in Sydney appeared first on Acunetix http://www.secuobs.com/revue/news/566950.shtmlhttp://www.secuobs.com/revue/news/566950.shtml Secuobs.com : 2015-04-09 11:18:06 - Acunetix Web Application Security Blog - The task of keeping the systems running on the network perimeter and all the services exposed on the internet is substantial and ongoing Considering that most network admins are time-starved, they can t always be blamed for missing the latest security update for their software A network security scan from the online version of Acunetix Vulnerability Scanner Read More The post Acunetix Network Scans defend against Trojans and Backdoors appeared first on Acunetix http://www.secuobs.com/revue/news/566630.shtmlhttp://www.secuobs.com/revue/news/566630.shtml Secuobs.com : 2015-03-25 12:40:00 - Acunetix Web Application Security Blog - On March 18, 2015, AllCrypt, a small crypto currency exchange posted what may very well be one of their last posts on their blog The Bitcoin exchange had been hacked, resulting in stolen crypto currency The AllCrypt Team described the attack in detail in their blog post The attacker managed to somehow get access to Read More The post Lessons to Learn from the AllCrypt Hack appeared first on Acunetix http://www.secuobs.com/revue/news/564737.shtmlhttp://www.secuobs.com/revue/news/564737.shtml Secuobs.com : 2015-03-23 11:29:06 - Acunetix Web Application Security Blog - Records management company Iron Mountain have just published a report on public sector agencies, revealing that around 40pourcents have suffered a data breach It also noted that information security teams are under-resourced, lacking in the required skills or are performing roles above their grade Considering the legal implications of a breach, let alone the potential Read More The post Cyber Security and the Data Protection Act appeared first on Acunetix http://www.secuobs.com/revue/news/564464.shtmlhttp://www.secuobs.com/revue/news/564464.shtml Secuobs.com : 2015-03-17 09:28:07 - Acunetix Web Application Security Blog - A rapidly growing market, generous margins and free use of product for all partners London, 17 March 2015 Website security expert Acunetix is expanding its partner programme to include not only software resellers, but also professionals such as website providers, developers and designers All websites need to be secure, therefore anyone involved in creating Read More The post Revamped Acunetix partner program brings online security opportunity to channel appeared first on Acunetix http://www.secuobs.com/revue/news/563692.shtmlhttp://www.secuobs.com/revue/news/563692.shtml Secuobs.com : 2015-03-16 11:25:42 - Acunetix Web Application Security Blog - Regardless if you believe North Korea were the culprits or not, everyone will acknowledge that since the Sony hack, we ve all started to take cyber terrorism a little more seriously You mean they don t just want financial details and government intelligence No, that s right, terrorists are creative and now the whole world is hooked up Read More The post Political hacking the latest cyber threat appeared first on Acunetix http://www.secuobs.com/revue/news/563549.shtmlhttp://www.secuobs.com/revue/news/563549.shtml Secuobs.com : 2015-03-11 15:10:15 - Acunetix Web Application Security Blog - This year Acunetix are travelling to San Francisco to participate in the RSA Conference 2015 This week-long conference is annually attended by over 28,000 security professionals, making it the leading information security event in the world Those attending will be able to meet Acunetix security experts face-to-face and find out what effective web vulnerability detection can do for Read More The post Acunetix heading to RSA Conference 2015 appeared first on Acunetix http://www.secuobs.com/revue/news/563005.shtmlhttp://www.secuobs.com/revue/news/563005.shtml Secuobs.com : 2015-03-10 11:25:27 - Acunetix Web Application Security Blog - March 10, 2015 Leading Windows Security resource site, WindowSecuritycom, announced today that Acunetix was selected the winner in the Preferred Web Application Security Solution category of the WindowSecuritycom Readers Choice Awards Our Readers Choice Awards give visitors to our site the opportunity to vote for the products they view as the very best in Read More The post Acunetix Voted Windowsecuritycom Readers Choice Award Winner appeared first on Acunetix http://www.secuobs.com/revue/news/562787.shtmlhttp://www.secuobs.com/revue/news/562787.shtml Secuobs.com : 2015-03-10 10:15:33 - Acunetix Web Application Security Blog - This Thursday 12 March, Acunetix Technical and QA Engineer Ian Muscat will be delivering a talk to the OWASP Charlotte Chapter The focus of his talk will be on automated dynamic web application security testing, ie scanning, which is naturally his area of expertise The talk will explore various techniques employed by dynamic scanners in Read More The post Acunetix Deliver Talk to OWASP Charlotte Chapter appeared first on Acunetix http://www.secuobs.com/revue/news/562777.shtmlhttp://www.secuobs.com/revue/news/562777.shtml Secuobs.com : 2015-03-09 09:41:28 - Acunetix Web Application Security Blog - Run Apache HTTP Server as a single process and use debugging tools A typical Apache HTTP Server installation runs with several processes However, to simplify troubleshooting it s best to run Apache as a single process This can be done by using the X option when starting Apache The example below will start Apache in a Read More The post Troubleshooting tips for Apache, Part 4 Run Apache HTTP Server as a single process appeared first on Acunetix http://www.secuobs.com/revue/news/562615.shtmlhttp://www.secuobs.com/revue/news/562615.shtml Secuobs.com : 2015-03-04 22:19:10 - Acunetix Web Application Security Blog - If anyone thought that big bugs would end with a disastrous 2014, 2015 looks as though it will also cause network admins to fret The first in the series of BIG bugs for 2015 has just been uncovered Nicknamed FREAK, this vulnerability breaks SSL, allowing man in the middle attacks, drastically reducing the use of Read More The post FREAK first major SSL bug for 2015 appeared first on Acunetix http://www.secuobs.com/revue/news/562170.shtmlhttp://www.secuobs.com/revue/news/562170.shtml Secuobs.com : 2015-03-02 12:18:18 - Acunetix Web Application Security Blog - London, March 2, 2015 As cyber security continues to hit the headlines, even smaller companies can expect to be subject to scrutiny and therefore securing their website is more important than ever In response to this, Acunetix are offering the online edition of their vulnerability scanner at a new lower entry price This new Read More The post Acunetix clamps down on costly website security with online solution appeared first on Acunetix http://www.secuobs.com/revue/news/561710.shtmlhttp://www.secuobs.com/revue/news/561710.shtml Secuobs.com : 2015-02-27 12:33:44 - Acunetix Web Application Security Blog - Use the mod_whatkilledus module When things go really bad, and Apache server crashes, The mod_whatkilledus module can be used to log detailed technical information about the crash together with the original client request which caused it Additionally, if the mod_backtrace module is enabled, a backtrace showing the point of failure would be included, which is Read More The post Troubleshooting tips for Apache, Part 3 Apache Server modules appeared first on Acunetix http://www.secuobs.com/revue/news/561463.shtmlhttp://www.secuobs.com/revue/news/561463.shtml Secuobs.com : 2015-02-25 11:16:52 - Acunetix Web Application Security Blog - For those intent on having top notch security measures in place, the question shouldn t really be automatic or manual pen testing but rather how much of each A web application scanner, used to identify security vulnerabilities in your web applications does not replace an experienced penetration tester, rather it s a valuable tool in their arsenal Read More The post Scanning vs Pen Testing appeared first on Acunetix http://www.secuobs.com/revue/news/561053.shtmlhttp://www.secuobs.com/revue/news/561053.shtml Secuobs.com : 2015-02-23 10:21:50 - Acunetix Web Application Security Blog - Apache HTTP Server logs First and foremost, the Apache HTTP Server error log should be analysed as this provides detailed information about any errors that have occurred on your web server By default errors are logged in the error_log file located in the logs directory inside the Apache root installation Logging levels can also be Read More The post Troubleshooting tips for Apache, Part 2 Apache HTTP Server logs appeared first on Acunetix http://www.secuobs.com/revue/news/560721.shtmlhttp://www.secuobs.com/revue/news/560721.shtml Secuobs.com : 2015-02-18 12:38:56 - Acunetix Web Application Security Blog - Would it be good if you can claim that your web site is safe This would boost the confidence in your web site Your site s users can browse your site without having to worry about becoming the next victim of a hacked site That is now possible with the Site Seal in Acunetix Online Vulnerability Read More The post Boost Website Confidence with Acunetix Site Seal appeared first on Acunetix http://www.secuobs.com/revue/news/560014.shtmlhttp://www.secuobs.com/revue/news/560014.shtml Secuobs.com : 2015-02-16 11:07:57 - Acunetix Web Application Security Blog - Verify your Apache HTTP Server configuration Apache HTTP Server issues may also be a result of a misconfigured Apache httpdconf configuration file Going over the whole configuration file searching for typos may be a cumbersome task, but thankfully Apache provides a way to scan your httpdconf file for any syntax errors This can be done Read More The post Troubleshooting tips for Apache, Part 1 Verifying Apache HTTP Server Configuration and Version appeared first on Acunetix http://www.secuobs.com/revue/news/559699.shtmlhttp://www.secuobs.com/revue/news/559699.shtml Secuobs.com : 2015-02-11 12:11:04 - Acunetix Web Application Security Blog - On 25th February, IDC are holding their annual two day CIO summit in Dubai This year, Acunetix co-partner Comguard will be in attendance, along with Acunetix General Manager Christopher Martin to discuss with attendees how Acunetix web application vulnerability scanner can help in the defence against ever-rising levels of sophisticated hack attacks The CIO Summit Read More The post Acunetix to be represented at Middle East CIO Summit 2015 appeared first on Acunetix http://www.secuobs.com/revue/news/559066.shtmlhttp://www.secuobs.com/revue/news/559066.shtml Secuobs.com : 2015-02-11 11:38:11 - Acunetix Web Application Security Blog - An emerging development which is a growing risk to security is the internet of things IoT This refers to appliances which are connected to the internet and can therefore be hacked just as a computer can be While their functionality might be limited, there have been reports of fridges being used to send spam email Read More The post The Internet of Things technological paranoia brought to life appeared first on Acunetix http://www.secuobs.com/revue/news/559064.shtmlhttp://www.secuobs.com/revue/news/559064.shtml Secuobs.com : 2015-02-06 17:33:03 - Acunetix Web Application Security Blog - It s been known for some time that healthcare information is a target for hackers, also that the motivation for these thefts has diversified Such data is now used not only for identity theft but is believed to be targeted by countries such as China for political purposes, such as identifying spy targets The huge theft Read More The post Anthem Inc hack why healthcare insurers need to raise their bar on cyber security appeared first on Acunetix http://www.secuobs.com/revue/news/558407.shtmlhttp://www.secuobs.com/revue/news/558407.shtml Secuobs.com : 2015-02-05 13:28:44 - Acunetix Web Application Security Blog - Acunetix Online Vulnerability Scanner OVS allows you to configure child accounts from within your Acunetix OVS account, thereby delegating some scanning and reporting tasks should you wish to share these This is a great feature for enterprise administrators who need to delegate the security tasks for the company s websites and front-end servers to multiple IT Read More The post IT Consultants can now Create Scan Targets per Customer appeared first on Acunetix http://www.secuobs.com/revue/news/558184.shtmlhttp://www.secuobs.com/revue/news/558184.shtml Secuobs.com : 2015-02-05 12:19:40 - Acunetix Web Application Security Blog - Acunetix Online Vulnerability Scanner OVS allows you to configure child accounts from within your Acunetix OVS account, thereby delegating some scanning and reporting tasks should you wish to share these This is a great feature for enterprise administrators who need to delegate the security tasks for the company s websites and front-end servers to multiple IT Read More The post How IT Security Consultants can benefit from the Acunetix OVS Multi-User Accounts appeared first on Acunetix http://www.secuobs.com/revue/news/558176.shtmlhttp://www.secuobs.com/revue/news/558176.shtml Secuobs.com : 2015-02-03 10:06:41 - Acunetix Web Application Security Blog - This week a new Linux vulnerability called GHOST CVE-2015-0235 has been published and subsequently patched, including an update to Acunetix, which can now detect the vulnerability in both its online and on-premise forms, via network scan or web application scan While some cited GHOST as being as dangerous as Shellshock or Heartbleed, in fact the Read More The post Don t let GHOST vulnerability haunt your systems appeared first on Acunetix http://www.secuobs.com/revue/news/557751.shtmlhttp://www.secuobs.com/revue/news/557751.shtml Secuobs.com : 2015-02-03 10:06:41 - Acunetix Web Application Security Blog - During development of plugins or themes, as well as during deployment of a WordPress site, developers or system administrators may enable debug logs to log any PHP errors that occur WordPress makes use of the WP_DEBUG constant which is defined in wp-configphp The constant is used to trigger the debug mode throughout WordPress The constant Read More The post WordPress Security Tips Part 10 Secure Your Debug Logs appeared first on Acunetix http://www.secuobs.com/revue/news/557750.shtmlhttp://www.secuobs.com/revue/news/557750.shtml Secuobs.com : 2015-01-30 16:28:03 - Acunetix Web Application Security Blog - This week a new Linux vulnerability called GHOST CVE-2015-0235 has been published and subsequently patched, including an update to Acunetix, which can now detect the vulnerability in both its online and on-premise forms, via network scan or web application scan While some cited GHOST as being as dangerous as Shellshock or Heartbleed, in fact the Read More The post Don t let GHOST haunt your systems appeared first on Acunetix http://www.secuobs.com/revue/news/557303.shtmlhttp://www.secuobs.com/revue/news/557303.shtml Secuobs.com : 2015-01-30 10:19:47 - Acunetix Web Application Security Blog - Since WordPress sites need to allow their users to upload new content, WordPress upload directory needs to be writable To such an extent, your wp-contnet uploads directory should be considered a potential entry point The biggest potential threat is the uploading of PHP files WordPress won t allow users to upload PHP files within its administrative console, Read More The post WordPress Security Tips Part 9 Prevent PHP files from executing appeared first on Acunetix http://www.secuobs.com/revue/news/557251.shtmlhttp://www.secuobs.com/revue/news/557251.shtml Secuobs.com : 2015-01-28 10:22:58 - Acunetix Web Application Security Blog - A report recently published by Imperva has reported that more than half of web traffic comes from bots rather than human visitors They have also noted some changes in the type of bots observed, including a predictable yet worrying trend in impersonator bots, which now account for 22pourcents of bot traffic Overall, 29pourcents of all Read More The post With DDoS attacks on the rise, could you be a botnet zombie appeared first on Acunetix http://www.secuobs.com/revue/news/556921.shtmlhttp://www.secuobs.com/revue/news/556921.shtml Secuobs.com : 2015-01-27 11:18:12 - Acunetix Web Application Security Blog - Allowing direct access to PHP files can be dangerous for a number of reasons Some plugins and theme files can contain PHP files that are not designed to be called directly because the file would be calling functions that would have been defined in other files This may cause the PHP interpreter to display errors Read More The post WordPress Security Tips Part 8 Restrict Direct Access to Plugin and Theme PHP files appeared first on Acunetix http://www.secuobs.com/revue/news/556711.shtmlhttp://www.secuobs.com/revue/news/556711.shtml Secuobs.com : 2015-01-22 11:24:19 - Acunetix Web Application Security Blog - In the aftermath of the Sony Pictures attack and now the hacking of the Pentagon s social media accounts, the introduction of tougher cyber security laws has been inevitable The main points to take from these new laws is that it will no longer be only the attacker liable for prosecution, but also anyone who accesses the stolen Read More The post Obama s state of union address highlights cyber security appeared first on Acunetix http://www.secuobs.com/revue/news/555859.shtmlhttp://www.secuobs.com/revue/news/555859.shtml Secuobs.com : 2015-01-20 10:06:49 - Acunetix Web Application Security Blog - Strictly speaking, HTTPS is not a protocol in and of itself, but it is rather HTTP encapsulated in TLS SSL TLS, or SSL, as it is commonly referred to, provides websites and web applications with encryption of data being transmitted and authentication to verify the identity of a host HTTPS is usually synonymous with shopping carts Read More The post WordPress Security Tips Part 7 Enabling HTTPS for all logins and wp-admin appeared first on Acunetix http://www.secuobs.com/revue/news/555448.shtmlhttp://www.secuobs.com/revue/news/555448.shtml Secuobs.com : 2015-01-16 10:09:59 - Acunetix Web Application Security Blog - Disable File Editing By default, WordPress allows administrative users to edit PHP files of plugins and themes inside of the WordPress admin interface This is often the first thing an attacker would look for if they manage to gain access to an administrative account since this functionality allows code execution on the server Entering the Read More The post WordPress Security Tips Part 6 Disable File Editing appeared first on Acunetix http://www.secuobs.com/revue/news/554975.shtmlhttp://www.secuobs.com/revue/news/554975.shtml Secuobs.com : 2015-01-14 10:22:39 - Acunetix Web Application Security Blog - Password protecting your WordPress admin area through a layer of HTTP authentication is an effective measure to thwart attackers attempting to guess users passwords Additionally, if attackers manages to steal a user s password, they will need to get past HTTP authentication in order to gain access to WordPress login form Warning Basic HTTP Authentication Read More The post WordPress Security Tips Part 5 Restrict Access to wp-admin Directory appeared first on Acunetix http://www.secuobs.com/revue/news/554557.shtmlhttp://www.secuobs.com/revue/news/554557.shtml Secuobs.com : 2015-01-12 10:32:11 - Acunetix Web Application Security Blog - What Happened in 2014 2014 will be remembered for many things it s the year HTML5 has been given the green light and the year JavaScript has been used to provide dynamic content more than ever before We have also seen major version releases in important technologies such as WordPress, Google Web Toolkit, and the leading Read More The post Predictions and challenges for website security in 2015 appeared first on Acunetix http://www.secuobs.com/revue/news/554062.shtmlhttp://www.secuobs.com/revue/news/554062.shtml Secuobs.com : 2015-01-08 11:28:40 - Acunetix Web Application Security Blog - All system administrators know about SQL injection and should also know how to protect their system against such an attack However, what they might be less informed about is Blind SQL injection albeit a much lengthier process for the hacker, if someone is determined to get at your data then this is a way they Read More The post Blind SQL Injection The Basics appeared first on Acunetix http://www.secuobs.com/revue/news/553575.shtmlhttp://www.secuobs.com/revue/news/553575.shtml Secuobs.com : 2015-01-07 11:22:00 - Acunetix Web Application Security Blog - Evaluating a web vulnerability scanner is not the easiest of tasks With a multitude of open source and commercial products to choose from, all promising to provide the best of breed scanning functionality, choosing the right web vulnerability scanner is a tough, albeit important decision In this article, we provide a checklist of things that Read More The post What to look for when choosing a web vulnerability scanner appeared first on Acunetix http://www.secuobs.com/revue/news/553395.shtmlhttp://www.secuobs.com/revue/news/553395.shtml Secuobs.com : 2015-01-02 11:08:22 - Acunetix Web Application Security Blog - Wired have just released the 5 most dangerous software bugs in 2014 3 of which affect web security Once again, web sites, web applications and web servers are the main source of concern for IT administrators trying to prevent unauthorised access from the internet The 3 most dangerous software bugs which challenged web security Read More The post 5 most dangerous software bugs of 2014 appeared first on Acunetix http://www.secuobs.com/revue/news/552752.shtmlhttp://www.secuobs.com/revue/news/552752.shtml Secuobs.com : 2014-12-30 10:24:14 - Acunetix Web Application Security Blog - Heads up - Depending on your webserver s configuration, activated plugins and or themes, the following could break some functionality It is strongly advised to try out any configuration in a testing staging environment before changing any configuration on production servers Complex Security Keys WordPress makes use of a set of long, random and complex Security Keys These Read More The post WordPress Security Tips Part 4 Complex Security Keys appeared first on Acunetix http://www.secuobs.com/revue/news/552304.shtmlhttp://www.secuobs.com/revue/news/552304.shtml Secuobs.com : 2014-12-29 10:39:43 - Acunetix Web Application Security Blog - Heads up - Depending on your webserver s configuration, activated plugins and or themes, the following could break some functionality It is strongly advised to try out any configuration in a testing staging environment before changing any configuration on production servers Complex Secret Keys WordPress makes use of a set of long, random and complex Security Keys These Read More The post WordPress Security Tips Part 4 appeared first on Acunetix http://www.secuobs.com/revue/news/552185.shtmlhttp://www.secuobs.com/revue/news/552185.shtml Secuobs.com : 2014-12-22 11:13:24 - Acunetix Web Application Security Blog - Security Configurations Heads up - Depending on your webserver s configuration, activated plugins and or themes, the following could break some functionality It is strongly advised to try out any configuration in a testing staging environment before changing any configuration on production servers Prevent Directory Listing Directory Listing occurs when the web server does not find an index Read More The post WordPress Security Tips Part 3 appeared first on Acunetix http://www.secuobs.com/revue/news/551388.shtmlhttp://www.secuobs.com/revue/news/551388.shtml Secuobs.com : 2014-12-18 12:41:03 - Acunetix Web Application Security Blog - Acunetix Online Vulnerability Scanner has been updated with a new feature the option to generate a report automatically once a scan is completed This should save time for users When setting a scan users will be able to optionally set a report to run immediately after as shown in the screenshot below Read More The post Automate a post-scan report on OVS appeared first on Acunetix http://www.secuobs.com/revue/news/550817.shtmlhttp://www.secuobs.com/revue/news/550817.shtml Secuobs.com : 2014-12-18 10:14:18 - Acunetix Web Application Security Blog - Back in September, eBay made the headlines due to a number of Cross Site Scripting XSS vulnerabilities found on their site Following pressure from security experts and users, a few of these vulnerabilities were patched, although eBay were quoted as saying they would not remove the active content functionality which allows such attacks In September, Read More The post How to avoid eBay hack attacks appeared first on Acunetix http://www.secuobs.com/revue/news/550797.shtmlhttp://www.secuobs.com/revue/news/550797.shtml Secuobs.com : 2014-12-17 12:12:47 - Acunetix Web Application Security Blog - In light of the recent Sony Pictures hack, it s important to clarify the facts and examine how such an attack might have taken place, to serve as a learning experience for other companies News about the hack on Sony Pictures infrastructure continue to unfold, with the group calling itself the Guardians of Peace GOP , circulating Read More The post Lessons we can learn from the Sony Pictures hack appeared first on Acunetix http://www.secuobs.com/revue/news/550612.shtmlhttp://www.secuobs.com/revue/news/550612.shtml Secuobs.com : 2014-12-15 11:09:15 - Acunetix Web Application Security Blog - Be Selective When Choosing Plugins and Themes WordPress allows you to extend and customize your site with thousands of plugins and themes While extending your site s capabilities and customization is important, it should not come at the price of your website s security Even if your WordPress installation, plugins and themes are all up to date, Read More The post WordPress Security Tips Part 2 appeared first on Acunetix http://www.secuobs.com/revue/news/550152.shtmlhttp://www.secuobs.com/revue/news/550152.shtml Secuobs.com : 2014-12-10 12:09:40 - Acunetix Web Application Security Blog - Basic Security Measures With WordPress running on 1 in 5 sites on the Internet, it is no surprise that they are a very popular target for both experienced hackers and script-kiddies alike The following are a few measures that can be taken to address some basic security holes or malpractices that are commonly present in Read More The post WordPress Security Tips Part 1 appeared first on Acunetix http://www.secuobs.com/revue/news/549390.shtmlhttp://www.secuobs.com/revue/news/549390.shtml Secuobs.com : 2014-12-10 12:09:40 - Acunetix Web Application Security Blog - On the 9th of December the OWASP 2014 conference was held in Hamburg, Germany Acunetix partners Voquz were in attendance to discuss with visitors how Acunetix can help to protect against the OWASP top 10 vulnerabilities and others The Open Web Application Security Project OWASP is an open community dedicated to enabling organizations to conceive, Read More The post Acunetix represented at OWASP 2014 appeared first on Acunetix http://www.secuobs.com/revue/news/549389.shtmlhttp://www.secuobs.com/revue/news/549389.shtml Secuobs.com : 2014-12-05 17:26:04 - Acunetix Web Application Security Blog - This week a shocking campaign of cyber attacks has been made public by Cylance, a US cyber security firm The report has been released earlier than planned due to the level of risk these attacks pose, in the hope that it might prevent further breaches This news has been particularly alarming as it points to Read More The post US Security firm speculates Iran could be behind worrying cyber attacks appeared first on Acunetix http://www.secuobs.com/revue/news/548698.shtmlhttp://www.secuobs.com/revue/news/548698.shtml Secuobs.com : 2014-12-05 16:12:41 - Acunetix Web Application Security Blog - Acunetix Online Vulnerability Scanner OVS is a multi-user system The first account that is created is the main admin account, also referred to as the root account This main admin account can create child accounts, giving a role to each child account and configuring which Scan Targets can be scanned or reported on More information Read More The post How many child accounts can be created in Acunetix OVS appeared first on Acunetix http://www.secuobs.com/revue/news/548689.shtmlhttp://www.secuobs.com/revue/news/548689.shtml Secuobs.com : 2014-12-04 11:30:47 - Acunetix Web Application Security Blog - Powering over 90pourcents of the world wide web, Apache, IIS and nginx are considered the 3 most important web servers They are considered to be easy to get up and running, have an active development team behind them and react quickly to security issues Most companies running these web servers trust the communication to the Read More The post Top tips to secure your web server appeared first on Acunetix http://www.secuobs.com/revue/news/548459.shtmlhttp://www.secuobs.com/revue/news/548459.shtml Secuobs.com : 2014-12-02 12:12:01 - Acunetix Web Application Security Blog - If you re a healthcare entity in the United States, then you ll certainly be familiar with HIPAA Enacted by congress in 1996, HIPAA addresses the security and privacy of health data among a number of other items The most important aspect for healthcare providers, insurers and other health related entities to take away is the need Read More The post HIPAA Why you need to keep patient information secure appeared first on Acunetix http://www.secuobs.com/revue/news/548003.shtmlhttp://www.secuobs.com/revue/news/548003.shtml Secuobs.com : 2014-11-27 10:15:59 - Acunetix Web Application Security Blog - This is the second part in the series on Nginx server security This article follows on from Part 1 with more tips on hardening your Nginx configuration 5 Make use of ModSecurity ModSecurity is an open-source module that works as a web application firewall Different functionalities include filtering, server identity masking, and null byte attack prevention Real-time Read More The post Tips to harden your Nginx configuration part 2 appeared first on Acunetix http://www.secuobs.com/revue/news/547518.shtmlhttp://www.secuobs.com/revue/news/547518.shtml Secuobs.com : 2014-11-25 11:27:44 - Acunetix Web Application Security Blog - Currently, Nginx is the second most popular web server based on a study of the top 10,000 websites It is lightweight, fast, robust, supports the major operating systems and is the web server of choice for Netflix, WordPresscom and other high traffic sites Nginx can easily handle 10,000 inactive HTTP connections with as little as Read More The post 9 tips to harden your Nginx configuration part 1 appeared first on Acunetix http://www.secuobs.com/revue/news/547151.shtmlhttp://www.secuobs.com/revue/news/547151.shtml Secuobs.com : 2014-11-21 12:25:48 - Acunetix Web Application Security Blog - A dangerous new XSS vulnerability has been identified in WordPress versions prior to 40 Using the comments, attackers may even be able to gain full administrative control of a vulnerable application Therefore WordPress have released an urgent update, addressing this bug and 7 others Users should update to WordPress 401 as a matter of urgency Read More The post New WordPress XSS Vulnerability gives attackers full control of your application appeared first on Acunetix http://www.secuobs.com/revue/news/546637.shtmlhttp://www.secuobs.com/revue/news/546637.shtml Secuobs.com : 2014-11-21 11:21:03 - Acunetix Web Application Security Blog - At the end of December 2014 the new set of Payment Card Industry Data Security Standards PCI DSS will come largely into force, with just a few small elements having the later deadline of July 2015 to allow businesses time to adapt If your company or organisation processes card transactions, either directly or through a Read More The post Are you prepared for PCI v30 appeared first on Acunetix http://www.secuobs.com/revue/news/546631.shtmlhttp://www.secuobs.com/revue/news/546631.shtml Secuobs.com : 2014-11-17 13:28:04 - Acunetix Web Application Security Blog - A new feature to the online version of Acunetix Acunetix Online Vulnerability Scanner OVS now allows the owner of an account to create child users, delegating vulnerability scanning and reporting tasks to other users and at the same time auditing their actions This increased flexibility has been introduced following feedback from current users, who Read More The post Delegate tasks, limit access and stay in control with Acunetix OVS Multi-User Access appeared first on Acunetix http://www.secuobs.com/revue/news/545762.shtmlhttp://www.secuobs.com/revue/news/545762.shtml Secuobs.com : 2014-11-05 12:37:09 - Acunetix Web Application Security Blog - You have just finished installing IIS on your Windows OS You re probably thinking that you can delve into the web development world and forget all about the underlying web server After all, IIS is a Microsoft product so it should install with the right default configuration settings, right That is far from true with IIS Read More The post 8 tips to secure your IIS installation appeared first on Acunetix http://www.secuobs.com/revue/news/543885.shtmlhttp://www.secuobs.com/revue/news/543885.shtml Secuobs.com : 2014-10-30 09:34:08 - Acunetix Web Application Security Blog - In order to scan a form-based password protected area, you will need to make use of a Login Sequence during the scan You can predefine login sequence files from Configuration Application Settings Login Sequence Manager, or directly from the New Scan Wizard The Login Sequence Recorder can be used to perform a number Read More The post How to Scan a Form-based Protected Area using the Acunetix Login Sequence Recorder appeared first on Acunetix http://www.secuobs.com/revue/news/543150.shtmlhttp://www.secuobs.com/revue/news/543150.shtml Secuobs.com : 2014-10-29 10:33:13 - Acunetix Web Application Security Blog - There are 2 types of password protected areas HTTP Password protected areas These are generally managed by the web server, and the user is prompted with a password dialog Form-based restricted areas This type of authentication is handled by the web application The credentials are requested using a web form This article explains how to Read More The post How to scan an HTTP password protected area appeared first on Acunetix http://www.secuobs.com/revue/news/542994.shtmlhttp://www.secuobs.com/revue/news/542994.shtml Secuobs.com : 2014-10-28 16:20:11 - Acunetix Web Application Security Blog - If the machine running Acunetix Web Vulnerability Scanner is located behind a proxy server, the proxy server settings must be configured for the scanner to connect to the target application via the proxy server Proceed as follows Navigate to Configuration Scan Settings You might want to create a Scan Settings template if you need Read More The post How to scan a website behind an HTTP or SOCKS proxy server appeared first on Acunetix http://www.secuobs.com/revue/news/542919.shtmlhttp://www.secuobs.com/revue/news/542919.shtml Secuobs.com : 2014-10-24 13:36:23 - Acunetix Web Application Security Blog - A recent study by a leading web application security vendor has highlighted some interesting statistics about web application attacks Some of the findings examined below should enable web security practitioners to better anticipate, identify and act against cyber threats Threat Growth One of the unsurprising news items is that web application attacks have increased in Read More The post Analysing the latest trends in web application attacks appeared first on Acunetix http://www.secuobs.com/revue/news/542474.shtmlhttp://www.secuobs.com/revue/news/542474.shtml Secuobs.com : 2014-10-16 13:36:49 - Acunetix Web Application Security Blog - Drupal has released a HIGHLY CRITICAL security advisory for its latest version of the popular content management system, urgently advising users to update to Drupal 732 or install a patch to fix the vulnerability The vulnerability, reported by Stefan Horst from SektionEins GmbH allows for unauthenticated users to gain full control of the database, and to be Read More The post Critical Drupal SQL Injection vulnerability appeared first on Acunetix http://www.secuobs.com/revue/news/540607.shtmlhttp://www.secuobs.com/revue/news/540607.shtml Secuobs.com : 2014-10-15 13:14:58 - Acunetix Web Application Security Blog - Transport Layer Security TLS and its predecessor, Secure Socket Layer SSL are widely used protocols designed secure the transfer of data between the client and the server through authentication and encryption and integrity Contrary to common assumptions TLS SSL is a not only a widely used technology in websites and web applications using the HTTP protocol , Read More The post Recommendations for TLS SSL Cipher Hardening appeared first on Acunetix http://www.secuobs.com/revue/news/540190.shtmlhttp://www.secuobs.com/revue/news/540190.shtml Secuobs.com : 2014-10-15 13:14:58 - Acunetix Web Application Security Blog - Yesterday, the details of the latest vulnerability affecting SSL started emerging, and in no time, everyone started talking, or rather blogging about POODLE POODLE stands for Padding Oracle On Downgraded Legacy Encryption and affects the 15 year old SSLv3, which should have been deprecated and abolished soon after the subsequent version of SSL TLS was made Read More The post POODLE gives the final bite and puts SSLv3 to rest appeared first on Acunetix http://www.secuobs.com/revue/news/540189.shtmlhttp://www.secuobs.com/revue/news/540189.shtml Secuobs.com : 2014-10-06 15:05:48 - Acunetix Web Application Security Blog - Apache is one of the most popular web servers with statistics showing that as of September 2014, it is used to host It is also often described as one of the most secure web servers In this article, I shall describe some configuration changes that will harden your Apache s configuration Ensure that Apache server-info is Read More The post 10 tips to secure your Apache installation appeared first on Acunetix http://www.secuobs.com/revue/news/538721.shtmlhttp://www.secuobs.com/revue/news/538721.shtml Secuobs.com : 2014-10-03 15:34:56 - Acunetix Web Application Security Blog - Yesterday, a critical vulnerability was reported in GNU Bash Bash is the Bourne Again Shell that is installed on all Linux distributions The vulnerability is related to the way environment variables are parsed before running the BASH shell It is possible to create environment variables that include function definitions BASH processes the trailing strings after these function Read More The post BASH Vulnerability leaves IT Experts Shell Shocked appeared first on Acunetix http://www.secuobs.com/revue/news/538415.shtmlhttp://www.secuobs.com/revue/news/538415.shtml Secuobs.com : 2014-09-29 18:45:51 - Acunetix Web Application Security Blog - WIVET stands for Web Input Extractor Teaser, and is a web application that is designed to test the crawling capabilities of web application scanners WIVET has been used in web application scanner reviews, such as the reputable review from Shay The post How to Configure Acunetix WVS to Successfully Crawl WIVET appeared first on Acunetix http://www.secuobs.com/revue/news/537428.shtmlhttp://www.secuobs.com/revue/news/537428.shtml Secuobs.com : 2014-09-26 14:45:54 - Acunetix Web Application Security Blog - 48 hours since the latest in the series of BIG BUGS 2014 has made the news, and the Internet community is still struggling to assess the damage After the initial moments of disbelief, researchers started coming to terms with the The post ShellShock s magnitude for potential damage truly shocking appeared first on Acunetix http://www.secuobs.com/revue/news/536984.shtmlhttp://www.secuobs.com/revue/news/536984.shtml Secuobs.com : 2014-09-25 15:32:11 - Acunetix Web Application Security Blog - Yesterday, a critical vulnerability was reported in GNU Bash Bash is the Bourne Again Shell that is installed on all Linux distributions The vulnerability is related to the way environment variables are parsed before running the BASH shell It is possible to The post CVE-2014-6271 Bash Code Injection Vulnerability appeared first on Acunetix http://www.secuobs.com/revue/news/536797.shtmlhttp://www.secuobs.com/revue/news/536797.shtml Secuobs.com : 2014-09-22 11:58:28 - Acunetix Web Application Security Blog - An important update has just been rolled out to Acunetix Online Vulnerability Scanner OVS which includes 2 features unique to Acunetix - AcuSensor and AcuMonitor Both technologies have been successfully used in Acunetix WVS to enhance scan results by improving The post Acunetix OVS Update Spots Vulnerabilities with Military Precision appeared first on Acunetix http://www.secuobs.com/revue/news/535937.shtmlhttp://www.secuobs.com/revue/news/535937.shtml Secuobs.com : 2014-09-20 09:00:03 - Acunetix Web Application Security Blog - NTP is the standard protocol for time synchronization in the IT industry and is widely used by servers, mobile devices, endpoints and network devices, irrespective of their vendor Latest definition of NTP is at version 4, described in RFC 5905 The post Preventing NTP Reflection DDOS Attacks Based on CVE-2013-5211 appeared first on Acunetix http://www.secuobs.com/revue/news/535823.shtmlhttp://www.secuobs.com/revue/news/535823.shtml Secuobs.com : 2014-09-12 08:57:47 - Acunetix Web Application Security Blog - Around 10 million email addresses and passwords were recently leaked on a Russian Bitcoin forum Many websites report about 5 million Gmail accounts the leak includes also accounts from 2 popular russian mail providers Yandex and Mailru The leak contains The post Statistics about the leaked Gmail, Yandex, Mailru passwords appeared first on Acunetix http://www.secuobs.com/revue/news/534597.shtmlhttp://www.secuobs.com/revue/news/534597.shtml Secuobs.com : 2014-09-10 09:59:28 - Acunetix Web Application Security Blog - Alliance Technology Partners, partnering with Acunetix since 2007, have announced they shall be offering Acunetix Training Courses, delivered via the web, by two of their senior security engineers This Basic Training 3 hour course, is highly interactive and tailored to The post Alliance Training Courses Improve Acunetix User Skills appeared first on Acunetix http://www.secuobs.com/revue/news/534171.shtmlhttp://www.secuobs.com/revue/news/534171.shtml Secuobs.com : 2014-09-08 10:00:55 - Acunetix Web Application Security Blog - The long awaited WordPress version 40, codenamed Benny in honour of jazz clarinettist and band leader Benny Goodman has been released While this does seem like a major release to some of us, since it includes a good amount of The post WordPress 40 Benny released appeared first on Acunetix http://www.secuobs.com/revue/news/533427.shtmlhttp://www.secuobs.com/revue/news/533427.shtml Secuobs.com : 2014-09-04 11:57:12 - Acunetix Web Application Security Blog - An Acunetix web vulnerability scan is able to detect a WordPress installation, and will execute various WordPress related checks when the popular blogging web application is identified When WordPress is detected, Acunetix will issue the following knowledge base entry Acunetix The post List of checks done by Acunetix on WordPress appeared first on Acunetix http://www.secuobs.com/revue/news/532938.shtmlhttp://www.secuobs.com/revue/news/532938.shtml Secuobs.com : 2014-09-02 13:48:55 - Acunetix Web Application Security Blog - Acunetix Web Vulnerability Scanner version 95 build 20140902 has been updated to include new vulnerability checks, including detection of Hibernate Query Injection, format strings vulnerabilities, MySQL username disclosure and others, including some, in well-known web applications This new build also The post Acunetix WVS v95 build 20140902 detects even more vulnerabilities appeared first on Acunetix http://www.secuobs.com/revue/news/532580.shtmlhttp://www.secuobs.com/revue/news/532580.shtml Secuobs.com : 2014-09-01 11:29:37 - Acunetix Web Application Security Blog - As an executive responsible for many aspects of running your business, it can be difficult and downright confusing trying to understand the balance between Web security and compliance Your IT, information security, and internal audit teams may be telling you The post Balancing Web Security with your Compliance Requirements appeared first on Acunetix http://www.secuobs.com/revue/news/532417.shtmlhttp://www.secuobs.com/revue/news/532417.shtml Secuobs.com : 2014-08-28 11:39:45 - Acunetix Web Application Security Blog - Having a good antivirus solution gives a warm, fuzzy feeling of safety you know that your assets are virus free and that your network is secure However, most antivirus solutions cannot detect Remote Administration Tools aka Remote Access Trojans or The post Danger Open Ports Remote Access Trojans RATs vs Worms appeared first on Acunetix http://www.secuobs.com/revue/news/531956.shtmlhttp://www.secuobs.com/revue/news/531956.shtml Secuobs.com : 2014-08-28 11:39:45 - Acunetix Web Application Security Blog - Acunetix will be sponsoring and exhibiting at this year s OWASP AppSec USA The event will be held from 16th to the 19th September at the Denver Marriott City Center, Denver, USA AppSec USA is a world-class software security conference for developers, auditors, risk managers, The post Visit Acunetix Stand at OWASP AppSec USA 2014 appeared first on Acunetix http://www.secuobs.com/revue/news/531955.shtmlhttp://www.secuobs.com/revue/news/531955.shtml Secuobs.com : 2014-08-25 09:34:35 - Acunetix Web Application Security Blog - There is a black market for stolen credit card information you can shop online for credit card data for prices between 20 and 100 per item Underground websites like Silk Road today Silk Road 20 offer the possibility to acquire The post POS Security Are my POS terminal credentials up for sale appeared first on Acunetix http://www.secuobs.com/revue/news/531342.shtmlhttp://www.secuobs.com/revue/news/531342.shtml Secuobs.com : 2014-08-20 11:56:20 - Acunetix Web Application Security Blog - Last Monday, Community Health Systems CHS filed an 8-K filing with the US Securities and Exchange Commission, confirming a security breach which occurred in April and June, 2014 CHS blamed the breach on a group of Chinese hackers The 8-K The post Heartbleed Used to Steal Credentials and Breach Community Health Systems appeared first on Acunetix http://www.secuobs.com/revue/news/530642.shtmlhttp://www.secuobs.com/revue/news/530642.shtml Secuobs.com : 2014-08-14 13:56:56 - Acunetix Web Application Security Blog - Earlier this month, on the Security Week website, Steve Ragan published an article about a security researcher who posted several vulnerabilities to the Full Disclosure mailing list seven of these are MySQL vulnerabilities The complete list of vulnerabilities is The post An Unhappy New Year Security Researcher Discloses New Batch of MySQL Vulnerabilities appeared first on Acunetix http://www.secuobs.com/revue/news/529906.shtmlhttp://www.secuobs.com/revue/news/529906.shtml Secuobs.com : 2014-08-13 11:47:45 - Acunetix Web Application Security Blog - Starting as just a good blogging system in 2003, WordPress has grown to be the most popular Content Management System CMS , used in over 22pourcents of the top 1 million web sites It is the CMS that can be installed The post WordPress Security Revisited appeared first on Acunetix http://www.secuobs.com/revue/news/529680.shtmlhttp://www.secuobs.com/revue/news/529680.shtml Secuobs.com : 2014-07-28 11:39:39 - Acunetix Web Application Security Blog - Network security assessments are one of the most critical exercises performed for minimizing business risks Your time is limited You ve got pressure from management to get things done There s so much to do and not enough time to do it The post Common Network Security Assessment Oversights appeared first on Acunetix http://www.secuobs.com/revue/news/527170.shtmlhttp://www.secuobs.com/revue/news/527170.shtml Secuobs.com : 2014-07-23 11:22:10 - Acunetix Web Application Security Blog - Moving past IT compliance, IT governance is becoming the new area of focus in enterprises today With compliance often being a more tactical business function, IT governance tends to operate at a higher level, especially in larger organizations Internal audit, The post Making Web Security Part of your IT Governance Program appeared first on Acunetix http://www.secuobs.com/revue/news/526518.shtmlhttp://www.secuobs.com/revue/news/526518.shtml Secuobs.com : 2014-07-21 10:52:13 - Acunetix Web Application Security Blog - There s always a point in every IT professional s career where he thinks he has everything figured out We can get so caught up in our ways that we often overlook the fact that there are so many things we do The post How to Take Your Network Security Assessments to the Next Level appeared first on Acunetix http://www.secuobs.com/revue/news/526133.shtmlhttp://www.secuobs.com/revue/news/526133.shtml Secuobs.com : 2014-07-16 10:54:31 - Acunetix Web Application Security Blog - There s no doubt you know your network better than anyone else The real question is, do you know whether you ve checked for all relevant security flaws on all of your critical systems Odds are you haven t but that s okay to The post Top Network Security Flaws You re Likely Overlooking appeared first on Acunetix http://www.secuobs.com/revue/news/525389.shtmlhttp://www.secuobs.com/revue/news/525389.shtml Secuobs.com : 2014-07-14 10:30:47 - Acunetix Web Application Security Blog - Are you scanning your network hosts for security vulnerabilities while logged in as a user If not, you should be Authenticated testing can add a lot of value to your overall security assessment results You ll find a lot more missing The post What You Need to Know About Performing Authenticated Network Security Scans appeared first on Acunetix http://www.secuobs.com/revue/news/524974.shtmlhttp://www.secuobs.com/revue/news/524974.shtml Secuobs.com : 2014-07-09 10:48:38 - Acunetix Web Application Security Blog - This blog post describes how to block automated scanners from scanning your website This should work with any modern web scanner parsing robotstxt all popular web scanners do this Website owners use the robotstxt file to give instructions about their site to web robots The robotstxt The post How to Block Automated Scanners from Scanning your Site appeared first on Acunetix http://www.secuobs.com/revue/news/524323.shtmlhttp://www.secuobs.com/revue/news/524323.shtml Secuobs.com : 2014-07-08 13:21:05 - Acunetix Web Application Security Blog - Vulnerability-Lab, a Germany-based security research company, recently identified an application-side validation web vulnerability, which allows an attacker to inject code in his user profile The injected code gets executed when a PayPal employee loads the user s details on PayPal s backend The post AcuMonitor could have Detected Paypal s Blind XSS Vulnerability appeared first on Acunetix http://www.secuobs.com/revue/news/524111.shtmlhttp://www.secuobs.com/revue/news/524111.shtml Secuobs.com : 2014-07-02 12:31:50 - Acunetix Web Application Security Blog - When running a Network Scan on your perimeter server using Acunetix Online Vulnerability Scanner OVS , one of the Informational alerts shown in the scan results is the CPE Inventory The data that is collected during the scan is aggregated using The post Common Platform Enumeration CPE Explained appeared first on Acunetix http://www.secuobs.com/revue/news/523272.shtmlhttp://www.secuobs.com/revue/news/523272.shtml