The numbers are in… and cybercrime had quite an active 2013 according to Verizon’s 2014 Data Breach Investigations Report (DBIR) – one of the information security industry’s most prominent studies compiled from over 50 contributing organizations. This year’s report includes an array of security issues,…
Author Archives Acunetix
THE AUTHOR
Acunetix
Misleading Reports of 0-Day in Acunetix WVS
Reports of a 0-day vulnerability in Acunetix Web Vulnerability Scanner turn out to affect only an old version from 2012 which was subsequently fixed. A blog post has recently come to our attention that claims a successful attack against Acunetix v8 (build 20120704), and in…
Danger: Open Ports – Trojan is as Trojan does
Open ports are the doorways to your secure perimeter. Behind open ports, there are applications and services listening for inbound packets, waiting for connections from the outside, in order to perform their jobs. Security best practices imply the use of a firewall system that controls…
Scanning for Heartbleed using Acunetix
Soon after the Heartbleed bug was made public, Acunetix released an update to detect the vulnerability in websites and web applications. The script that detects this is called Heartbleed_Bug.script, and is included in the following Scanning Profiles: Default High_Risk_Alerts The newly created heartbleed profile The…
The Aftermath of the Heartbleed Bug
The Heartbleed bug, a security flaw in the popular OpenSSL library used for data encryption, has taken the web security world by storm, and the victim toll has started to rise. The first reported victims include the Canada Revenue Agency (with 900 social security numbers…
Creating Custom Checks in Acunetix Web Vulnerability Scanner
You can reach the latest technical information here: Adding Custom Vulnerability Checks to Your Acunetix Installation Although Acunetix Web Vulnerability Scanner (WVS) includes most of the checks that you may require to perform a comprehensive scan of your site, there might be situations where you…
Elaborate Ways to Exploit XSS: XSS Proxies
In his book “Web Application Vulnerabilities: Detect, Exploit, Prevent”, Steve Palmer describes XSS Proxies as cross-site scripting exploitation tools that allow attackers to temporarily take control over the victim’s browser. XSS Proxy functions as a web server which takes commands from the attacker via a…
CSRF and XSS – Brothers in Arms
What is CSRF (XSRF)? Cross-Site Request Forgery is a type of web attack which exploits the trust of a website in the user’s browser. In essence, the attacker manipulates the victim’s browser to send requests in the user’s name to websites that have been visited…
Elaborate Ways to Exploit XSS: Flash Parameter Injection (FPI)
Common Cross-site scripting (XSS) attacks rely on the injection of malicious code (usually JavaScript) in HTML pages, HTML headers or page DOM. There are, however, ways of injecting malicious code in less likely, very popular and innocent-looking places, such as Flash objects. The use of…