Web application firewalls (WAFs) are one of many web application security solutions at your disposal. Unfortunately, buyers often don’t understand their purpose and treat them as a direct replacement for other classes of tools, for example, web vulnerability scanners such as Acunetix. The two classes…
Vulnerability scanning tools – why not open-source?
With the immense popularity of open-source software such as Linux, WordPress, or Magento, you might wonder why the situation is so different in the world of web application security. Let’s try to compare open-source vulnerability scanners with commercial solutions and it will soon be clear…
The Acunetix REST API
In addition to the user-friendly Acunetix user interface, all Acunetix functionality is also available through a built-in REST API. The REST API is available immediately upon installation and requires no configuration at all. All you need to do is open the Acunetix GUI to get…
Acunetix update introduces Node.js AcuSensor, target knowledge base, and multiple unrestricted access vulnerability checks
A new Acunetix update has been released for Windows, Linux, and macOS: 13.0.210129162. This Acunetix update introduces AcuSensor for Node.js and a feature called target knowledge base, which holds data from past scans and helps improve future scans. We also made fully qualified domain names…
Managing scans using Python and the Acunetix API
In the two previous installments of this series, we have shown you how to manage Acunetix scans using Bash and PowerShell together with the Acunetix API. In this article, you will learn how to do the same using Python. As an example, we will create…
Web API security with Acunetix
It’s no secret – application programming interfaces are everywhere. Many complex web applications are based on microservices, which use APIs to work with one another. Mobile apps and IoT devices also use APIs to communicate with their back-ends. Not to mention that almost every online…
Scanning authenticated web assets with the Login Sequence Recorder
Most web applications and websites require some form of authentication – either as a whole or in an area. Many web vulnerability scanners struggle with such authenticated web assets. While some scanners are able to detect standard authentication forms and mechanisms, in the case of…
Why Developers Shun Security and What You Can Do about It
The Linux Foundation and the Laboratory for Innovation Science at Harvard recently released a Report on the 2020 Free/Open-Source Software Contributor Survey. One of the primary conclusions of this report was the fact that free/open-source software developers often have a very negative approach to security….
Cache poisoning denial-of-service attack techniques
Attacks related to cache poisoning represent a clearly visible web security trend that has emerged in recent years. The security community continues to research this area, finding new ways to attack. As part of the recent release of Acunetix, we have added new checks related…