As 2021 comes to an end, it is time to sum up the year to see what it meant for Acunetix, Invicti, and the web application security industry. The rise of Invicti 2021 was the year when Acunetix became a brand of Invicti Security. The…
Log4j vulnerability resource center
Watch this space for the latest news and resources from Invicti on the Log4j crisis. Product update All Netsparker and Acunetix products now detect the CVE-2021-44228 Log4j-related vulnerability (known as Log4Shell or LogJam). More in our official statement. Our perspective Invicti President and COO Mark…
Acunetix releases multiple updates to detect Log4j vulnerabilities
Over the past week, we have been busy updating Acunetix to detect Log4j vulnerabilities that have been making the headlines. Acunetix is detecting the CVE-2021-44228 vulnerability (Log4Shell) as an out-of-band vulnerability using the AcuMonitor service. In addition, the AcuMonitor service and Acunetix have been updated…
Log4j: A forcing function to adopt long-overdue continuous security
Like other unexpected exploits and big-time breaches, the recent discovery of vulnerabilities in Log4j reminded us that serious threats can seemingly come out of nowhere and create significant new risks. It is another stark reminder that, despite the frequent occurrence of security breaches, many organizations…
Critical alert – Log4Shell (CVE-2021-44228 in Log4j) – possibly the biggest impact vulnerability ever
On December 10, 2021, a serious vulnerability was discovered in the Apache Log4j framework, which is commonly used by most Java installations. The vulnerability, dubbed Log4Shell or LogJam, was identified in the NVD as CVE-2021-44228 and, to quote one of Acunetix original creators and primary…
How Acunetix addresses HTTP/2 vulnerabilities
In the latest release of Acunetix, we added support for the HTTP/2 protocol and introduced several checks specific to the vulnerabilities associated with this protocol. For example, we introduced checks for misrouting, server-side request forgery (SSRF), and web cache poisoning. In this article, we’d like…
Acunetix introduces support for the detection of HTTP/2 vulnerabilities and improves handling of Laravel CSRF tokens
A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.6.211207099. This Acunetix release introduces support for the detection of HTTP/2 vulnerabilities. HTTP/2 is an upgrade to the HTTP protocol and is used more and more frequently. It does however introduce a…
Secure coding practices – the three key principles
All security vulnerabilities are the result of human error. Most web application vulnerabilities and API security issues are introduced by developers. Therefore, the best approach to building secure applications is to do all that is possible to avoid introducing such errors in the first place instead of…
Shifting left with Acunetix Premium and GitHub
To develop an application, you usually perform multiple iterations of the following activities: Commit the source code to implement a new or changed feature or a bug fix Build the solution Deploy a test environment containing the solution Run QA tests against the test environment…