We often hear about “disgruntled workers” wreaking havoc on computer systems and sensitive information. Interestingly, we never hear about what I call “gruntled workers” and how they can — and do — contribute to enterprise security. Getting the attention of your employees and having them…
FAQ: What additional features does Acunetix WVS include?
The following features complete the Acunetix WVS scanning arsenal: innovative AcuSensor technology; web server configuration detection; web server security scan (Port Scanner) against services such as DNS, SSH, etc.; dictionary (brute force) attacker to test password strength of login pages or HTTP authentication; Report Generator…
FAQ: How does Acunetix reduce false positives?
Acunetix is a heuristic scanner and not a signature-based scanner, which by design is an efficient way of reducing false positives. With the introduction of AcuSensor Technology, false positive reporting has been drastically reduced because vulnerability detection is no longer based on just the error messages…
FAQ: Why does Acunetix WVS detect pages that don’t exist on my website?
Some websites are designed to use custom 404 error pages instead of a web browser’s standard error page because they can be branded and made to contain links to other important pages. If your website uses custom 404 error pages which generate different error codes,…
Acunetix Web Vulnerability Scanner Version 7 Build 20110823 released
An updated build of Acunetix Web Vulnerability Scanner Version 7 was released. This new build (20110823) includes the new Firefox plugin which supports Firefox version 5, two new security checks and a bug fix in the automated WSDL web service scanner. New Security checks Complex…
US Police Servers Breached in New Anonymous Attack
On the 31st of July 2011, the system administrator of Brooks-Jeffrey Marketing (BJM) was working on his newly upgraded servers. At exactly the same time a hacker was slowly sniffing his way through the same systems and picking up everything in his tracks. The hacker had rooted…
Anonymous hack US Department of Defence – Analysis of the Attack
On the 12th of July 2011, Booz Allen Hamilton, the largest U.S. military defence contractor, admitted that they had just suffered a very serious security breach at the hands of hacktivist group AntiSec. Operation Anti-Security (AntiSec) is a hacking operation, carried out by two of the biggest…
TimThumb vulnerability: a big number of WordPress plugins and themes are affected
Recently a new high-risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is “A small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.” TimThumb is included in a lot…
htaccess Files and WordPress Security
Adding server-side protection around the WordPress wp-admin folder is like adding a second layer of protection to your WordPress admin area, login page and files. Server-side protection can be added by adding a .htaccess file (directory level configuration file) in your wp-admin WordPress subdirectory…