This new release of Acunetix Web Vulnerability Scanner version 8, build 20130416, includes new and improved vulnerability checks which target WordPress installations, web applications hosted on Amazon S3, and various other web applications. New Functionality: Added a test that enumerates valid WordPress usernames using various techniques….
Protect your WordPress from Mass Brute Force Attacks
Last week, a sophisticated botnet that launches brute force attacks against WordPress blogs and websites was detected. Some WordPress hosting providers suffered downtime, security experts are exploiting this opportunity to sell their WordPress security services, and thousands of WordPress sites have been…
The Risks Associated with Third-Party Software Components
I was recently contacted by a colleague in an information security leadership position who was concerned about his developers using some third-party plug-ins for an enterprise application they were rolling out. His developers wanted to install these third-party components in order to speed up their…
"Social Media Widget" Adds New Undocumented Feature – Spam Injection
WordPress.com have removed the rather popular Social Media Widget (nearly a million downloads) from the plugin repository. The most recent version of the plugin was found to be injecting spam messages with the social media icons on the sites using the plugin. It seems that…
What happens when you can’t find every web vulnerability?
On one end of the application security and IT audit spectrum we have people that overlook the obvious and critical stuff. But just as dangerously, on the other end of the spectrum we have people who want us to find every single flaw on every…
Is Your Security Appliance Hackable?
In the late 90s, businesses embraced the internet; they connected their networks and servers to the internet so their data could be accessed from anywhere around the world. This was a new era that gave businesses the opportunity to grow globally and reach new audiences….
Acunetix WVS Update 20130308 – New Security Tests
Apart from the usual bug fixes / new functionality, each Acunetix WVS update generally includes new vulnerability tests or an improvement to existing checks. In this post, I would like to summarize the new security tests added in the latest Acunetix WVS update. Unicode Transformation…
Unable to Download Error Whilst Trying to Update Acunetix WVS
Symptoms: When trying to update the latest build from Acunetix WVS, you encounter the following error: Unable to download https://www.acunetix.com/download/fullver8/2013_03_08_01_webvulnscan8.exe. Try again later. More Information: Acunetix has recently changed its update mechanism to a new and secure product download system. This update has been…
Finding Broken Links Using Acunetix WVS
Acunetix WVS has the ability to discover links to pages that do not exist. In a world where sites are updated on a daily basis, it is quite easy to remove a page and forget to amend all links which refer to it resulting in…