If you are making use of OpenX, the following update fixes a number of security flaws that were identified when we made use of Acunetix WVS with the Acusensor technology enabled. We released an advisory detailing these vulnerabilities here. The SQL injection vulnerabilities abuse an INSERT…
Author Archives Acunetix
When Google claims that "This site may harm your computer"
This warning does not refer to this particular site (Acunetix.com) but to quite a few websites out there. This is a notice that will show up when a Google search lists websites that are flagged as dangerous. Google’s search engine works together with StopBadware.org to…
A quick security analysis of Facebook’s Album Privacy
Most social networking sites have privacy options which allow users to share photo albums with selected people or groups. Such features encourage end users to upload possibly compromising photos, for example photos of last night’s party. The idea is that it is acceptable to share…
Acunetix Web Vulnerability Scanner Voted WindowSecurity.com Readers’ Choice Award Winner for the second time
Acunetix WVS Singled Out by Network Security Administrators and Specialists. London, UK – 26 February 2009 – Leading Windows Security resource site, WindowSecurity.com, announced today that Acunetix Web Vulnerability Scanner was selected the winner in the Web Application Security category of the WindowSecurity.com Readers’ Choice Awards….
How can low privilege bugs lead to a server compromise?
To address a large number of security concerns, it is often recommended that web applications make effective use of “the principle of least privilege”. The idea is that one should grant privileges only on the basis that they are needed. In a previous post,…
Updated Acunetix addresses Ananta’s comparison report issues
In just 2 weeks, we released an updated version of Acunetix WVS version 6 to address issues reported in an independent web scanner comparison report published by Ananta. What’s for sure is that now we will do even better than we already did as a…
SQL injection sneaks into Kaspersky’s support website
The recent compromise of Kaspersky’s support database left the company with a bit of explaining to do. The hacker published a blog post on hackersblog detailing stunts with Kaspersky’s USA support website. Kaspersky also published their own account based on their log files and the hacker’s (nicknamed unu) blog post. The following is a summary of what happened and how such attacks can be prevented.
Embedded devices can be hacked through the web interface
Anyone who has tested even a small number of web configuration interfaces on embedded devices, such as managed routers, VoIP gateways and wireless routers, knows that these devices are notorious for web application vulnerabilities. It is not uncommon for these devices to be vulnerable to…
Free Standalone Acunetix Report Viewer available for download
The Acunetix Report Viewer is a free standalone application that can be used to view Acunetix report (.pre) files only. Why should one download the Report Viewer? The report’s Table of Contents is available in the Report Viewer. This is not available when reports are…