The Acunetix API allows you to programmatically manage your Acunetix tasks, including triggering scans for targets, checking the status of your scans, and retrieving a list of vulnerabilities found by your scans. This example can serve as a primer for building such programmatic tools. In…
Would the Real IAST Please Stand Up?
Opinion: The term Interactive Application Security Testing (IAST) is probably the vaguest in the world of application security testing. Any tool that extends beyond the traditional DAST or SAST model may use it – and many do. However, I feel that only AcuSensor truly deserves…
What Is the R.U.D.Y. Attack
R.U.D.Y. (R-U-Dead Yet) is a denial-of-service attack tool. Unlike most DoS and DDoS attack tools, the R.U.D.Y. attack tool uses Layer 7 (it is an application layer attack). The attack technique of the R.U.D.Y. tool is very similar to the Slowloris attack. It uses slow…
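The defence that matters against a slow-body attack of this kind is a server-side limit on how slowly a request body may arrive, in the spirit of Apache's mod_reqtimeout (an initial grace period that is extended a little for every byte received). The example below is added here and is not Acunetix code or code from the article; the request header, the chunk timings and the policy values are constructed for illustration. It parses a POST header for its Content-Length and then decides, from the arrival times of the body chunks, whether the request is a normal upload or a slow POST that should be dropped.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed request head in the shape a slow-POST tool sends: a legitimate-looking
# form POST whose declared body is enormous, so the server keeps the connection open
# waiting for bytes that arrive one at a time.
RUDY_HEAD = (
    b"POST /contact HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 1000000000\r\n"
    b"\r\n"
)

# Constructed arrival logs: (seconds since request start, bytes received in that chunk).
NORMAL_CHUNKS: List[Tuple[float, int]] = [(0.1, 1024), (0.2, 1024)]
RUDY_CHUNKS: List[Tuple[float, int]] = [(10.0, 1), (20.0, 1), (30.0, 1), (40.0, 1)]


@dataclass(frozen=True)
class BodyTimeoutPolicy:
    """Assumed policy shape: the client gets `initial_seconds` to deliver the body,
    and every received byte buys it 1 / min_rate_bytes_per_sec more seconds."""
    initial_seconds: float = 20.0
    min_rate_bytes_per_sec: float = 500.0


def parse_content_length(head: bytes) -> int:
    """Return the declared Content-Length of a raw HTTP request head (0 if absent)."""
    for line in head.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            return int(value.strip())
    return 0


def classify_body(chunks: List[Tuple[float, int]], content_length: int,
                  policy: BodyTimeoutPolicy, now: float) -> Tuple[str, str]:
    """Replay the body arrival log against the policy.

    Returns ("ok", why) when the body completed within its moving deadline,
    ("slow_post", why) when a chunk arrived late or the deadline has passed,
    ("pending", why) when the body is incomplete but still within the deadline.
    """
    deadline = policy.initial_seconds
    received = 0
    for arrived_at, size in chunks:
        if arrived_at > deadline:
            return "slow_post", (f"chunk at {arrived_at:.1f}s arrived after the "
                                 f"deadline of {deadline:.3f}s; drop the connection")
        received += size
        deadline += size / policy.min_rate_bytes_per_sec
        if received >= content_length:
            return "ok", f"body complete after {arrived_at:.1f}s"
    if now > deadline:
        return "slow_post", f"only {received} of {content_length} bytes by {now:.1f}s"
    return "pending", f"{received} of {content_length} bytes received"


def verdict(head: bytes, chunks: List[Tuple[float, int]], now: float) -> str:
    """Convenience wrapper: header plus arrival log in, classification label out."""
    label, _ = classify_body(chunks, parse_content_length(head), BodyTimeoutPolicy(), now)
    return label


if __name__ == "__main__":
    normal_head = RUDY_HEAD.replace(b"1000000000", b"2048")
    print("normal upload:", classify_body(NORMAL_CHUNKS, parse_content_length(normal_head),
                                          BodyTimeoutPolicy(), now=1.0))
    print("slow POST:    ", classify_body(RUDY_CHUNKS, parse_content_length(RUDY_HEAD),
                                          BodyTimeoutPolicy(), now=45.0))
```

With the constructed values, the second one-byte chunk at 20.0s just makes the extended deadline (20.002s) and the third, at 30.0s, does not, so the request is classified as a slow POST after three bytes rather than being held open for the declared gigabyte. The same replay logic applies to a Slowloris-style header trickle if the header bytes are logged the same way.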
Scanning a GraphQL API for vulnerabilities
Since June 2020, Acunetix supports the increasingly popular API query language – GraphQL. In this article, we want to show you step-by-step how to scan an API defined using GraphQL. To do this, you will first create an intentionally vulnerable API and its GraphQL definition,…
Web Application Security Testing in an Agile Software Development Life Cycle – A Technical Case Study
We’ve teamed up with Acme Corporation (name changed for privacy and security reasons) to bring you a very detailed look at how a medium-sized business managed to successfully include web security testing in their SDLC processes. Before introducing Acunetix, Acme had major problems with web…
Acunetix Named an October 2020 Gartner Peer Insights Customers’ Choice for Application Security Testing
The Acunetix team is excited to announce that we have been recognized as an October 2020 Gartner Peer Insights Customers’ Choice for Application Security Testing. Our team at Acunetix takes great pride in this distinction, as customer feedback continues to shape our products and services….
What Top Web Attacks Can We Expect in the New OWASP Top 10?
The latest edition of the Open Web Application Security Project Top Ten was released in 2017, four years after the previous one. Therefore, we can expect that the new version of this cybersecurity report will be out sometime next year. Let us have a look…
SAST Teaches How to Go Around Problems, Not Fix Them
Opinion: SAST tools have one advantage – they point the developer to the root cause of the problem. However, this is also a major disadvantage. They don’t teach the developer about the consequences. They don’t teach the developer how to avoid making mistakes. As a…
What Is Forced Browsing
Forced browsing, also called forceful browsing, is an attack technique against badly protected websites and web applications, which allows the attacker to access resources that they should not be able to access. Such resources may contain sensitive information. Forced browsing is a common web application…
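What makes forced browsing work is a handler that checks only whether the visitor is logged in and then serves whatever identifier appears in the URL, relying on the user interface never to link to other people's resources. The example below is added here and is not Acunetix code or code from the article; the invoice store, user names and route behaviour are constructed for illustration. It places the vulnerable handler beside a hardened one that performs an object-level ownership check, and includes the attacker's side, a walk over predictable IDs, so the difference is measurable.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional, Tuple

# Constructed sample data: invoice id -> (owner, document body).
INVOICES: Dict[int, Tuple[str, str]] = {
    1001: ("alice", "Invoice 1001 for alice: 120.00 EUR"),
    1002: ("bob", "Invoice 1002 for bob: 75.50 EUR"),
    1003: ("alice", "Invoice 1003 for alice: 310.00 EUR"),
}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


Handler = Callable[[Optional[str], int], Response]


def vulnerable_get_invoice(session_user: Optional[str], invoice_id: int) -> Response:
    """Handler for GET /invoices/<id> as many applications ship it.

    The only check is authentication. Any logged-in user who types or guesses an
    id receives the document, because 'the page never shows other ids' is the
    entire access control.
    """
    if session_user is None:
        return Response(302, "redirect to /login")
    entry = INVOICES.get(invoice_id)
    if entry is None:
        return Response(404, "not found")
    _owner, body = entry
    return Response(200, body)


def hardened_get_invoice(session_user: Optional[str], invoice_id: int) -> Response:
    """Same route with object-level authorization.

    The caller must own the invoice. A foreign id gets exactly the same 404 as a
    missing id, so a probing client cannot tell which ids exist (a 403 here would
    confirm that the resource is real).
    """
    if session_user is None:
        return Response(302, "redirect to /login")
    entry = INVOICES.get(invoice_id)
    if entry is None or entry[0] != session_user:
        return Response(404, "not found")
    return Response(200, entry[1])


def enumerate_invoices(handler: Handler, session_user: str,
                       ids: Iterable[int]) -> Dict[int, str]:
    """Attacker's view of forced browsing: walk a range of predictable ids with an
    ordinary low-privilege session and keep every document that comes back 200."""
    found: Dict[int, str] = {}
    for invoice_id in ids:
        response = handler(session_user, invoice_id)
        if response.status == 200:
            found[invoice_id] = response.body
    return found


if __name__ == "__main__":
    print("vulnerable, as bob:", sorted(enumerate_invoices(vulnerable_get_invoice, "bob", range(1000, 1010))))
    print("hardened,   as bob:", sorted(enumerate_invoices(hardened_get_invoice, "bob", range(1000, 1010))))
```

Against the vulnerable handler, bob's session retrieves all three invoices; against the hardened one he gets only his own, and his probes of 1001 and 9999 are indistinguishable. The enumeration function is also the shape of the check a scanner or a tester performs: request neighbouring identifiers with a second, less privileged account and compare the responses.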