Over the past week, we have been busy updating Acunetix to detect Log4j vulnerabilities that have been making the headlines. Acunetix is detecting the CVE-2021-44228 vulnerability (Log4Shell) as an out-of-band vulnerability using the AcuMonitor service. In addition, the AcuMonitor service and Acunetix have been updated…
Log4j: A forcing function to adopt long-overdue continuous security
Like other unexpected exploits and big-time breaches, the recent discovery of vulnerabilities in Log4j reminded us that serious threats can seemingly come out of nowhere and create significant new risks. It is another stark reminder that, despite the frequent occurrence of security breaches, many organizations…
Critical alert – Log4Shell (CVE-2021-44228 in Log4j) – possibly the biggest impact vulnerability ever
On December 10, 2021, a serious vulnerability was discovered in the Apache Log4j framework, which is commonly used by most Java installations. The vulnerability, dubbed Log4Shell or LogJam, was identified in the NVD as CVE-2021-44228 and, to quote one of Acunetix original creators and primary…
How Acunetix addresses HTTP/2 vulnerabilities
In the latest release of Acunetix, we added support for the HTTP/2 protocol and introduced several checks specific to the vulnerabilities associated with this protocol. For example, we introduced checks for misrouting, server-side request forgery (SSRF), and web cache poisoning. In this article, we’d like…
Acunetix introduces support for the detection of HTTP/2 vulnerabilities and improves handling of Laravel CSRF tokens
A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.6.211207099. This Acunetix release introduces support for the detection of HTTP/2 vulnerabilities. HTTP/2 is an upgrade to the HTTP protocol and is used more and more frequently. It does however introduce a…
Secure coding practices – the three key principles
All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of…
Shifting left with Acunetix Premium and GitHub
To develop an application, you usually perform multiple iterations of the following activities: Commit the source code to implement a new or changed feature or a bug fix Build the solution Deploy a test environment containing the solution Run QA tests against the test environment…
Code security is not enough!
Recently, I came across an article that referred to web application security as code security and I hope it was just a slip of the tongue. If you really think web application security is the same as code security, you are leaving a gaping hole…
What is website security – how to protect your website from hacking
You protect your every office computer with an antivirus. You install firewalls to prevent unwanted access to your network. But what do you do to secure your website? And what can happen if it’s not secured? This article is aimed at website owners that are…