Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside-in, with little or no prior knowledge of the application’s internal workings. Essentially, black-box testing takes an approach similar…
Author Archives: Ian Muscat
Using Client Certificates in Acunetix
In most TLS handshakes only one side is authenticated: the client verifies the server's certificate, so the client knows that the server is who it says it is, but the server learns nothing about the client's identity. In most cases this is fine, as authentication via credentials is enough in many…
Issue Tracker Integration with Acunetix
An issue tracker such as Atlassian JIRA, GitHub or Microsoft TFS is a powerful and essential tool in the Software Development Life Cycle (SDLC) of almost any software project. It helps development teams streamline collaboration and manage their work without getting lost in an endless…
Configuring HTTP Proxy Settings in Acunetix
If the target website or web application you intend to scan is only reachable via an HTTP proxy, you will need to configure Acunetix On-Premises to make use of that HTTP proxy server before running the scan. You can set different proxy settings per Target…
Acunetix Vulnerability Testing Report 2017
Each year the Acunetix Team compiles a vulnerability testing report based on data from Acunetix Online. This third Vulnerability Testing Report contains data and analysis of vulnerabilities detected by Acunetix throughout the period of March 2016 to March 2017, illustrating the state of security of…
What is a Host Header Attack?
It is common practice for the same web server to host several websites or web applications on the same IP address. This is why the Host header exists: it specifies which website or web application should process an incoming HTTP request. The web server…
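The routing decision the teaser describes, as an added example that is not code from the Acunetix post: a minimal parser for a raw HTTP/1.1 request, a "naive" virtual-host selector that falls back to a default site and hands the raw Host value to the application, and a "strict" selector that only serves hostnames it has been configured for. The vhost table, the two sample requests and the `absolute_url` helper (standing in for any place an application builds a redirect or e-mail link from the Host header) are all constructed for this illustration; rejecting unknown Host values with a 400 is an assumption about the mitigation, not a quote from the truncated post.

```python
# Added example: routing requests by Host header with and without validation.
# Not code from the Acunetix post; the vhost table and requests are constructed.
from typing import Dict, Optional, Tuple

# Constructed virtual-host table: hostname -> application that should serve it.
VHOSTS: Dict[str, str] = {
    "shop.example.com": "shop-app",
    "blog.example.com": "blog-app",
}
DEFAULT_HOST = "shop.example.com"  # the vhost a typical server falls back to


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request into method, path and a lower-cased header map."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def normalise_host(value: str) -> str:
    """Lower-case the Host value and drop an optional :port suffix (IPv6 literals kept)."""
    host = value.strip().lower()
    if not host.startswith("[") and host.count(":") == 1:  # hostname:port
        host = host.split(":", 1)[0]
    return host


def select_vhost_naive(headers: Dict[str, str]) -> Tuple[str, str]:
    """Trusting router: an unknown Host falls back to the default application and
    the raw, attacker-controlled header value is passed through unchanged."""
    host = headers.get("host", DEFAULT_HOST)
    app = VHOSTS.get(normalise_host(host), VHOSTS[DEFAULT_HOST])
    return app, host


def select_vhost_strict(headers: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Validating router: only configured hostnames are served; a missing or
    unrecognised Host header is rejected (the caller should answer 400)."""
    if "host" not in headers:
        return None
    host = normalise_host(headers["host"])
    if host not in VHOSTS:
        return None
    return VHOSTS[host], host


def absolute_url(host: str, path: str) -> str:
    """Build an absolute URL the way applications often do for a Location header
    or a link placed in an e-mail; this is where a spoofed Host ends up."""
    return f"https://{host}{path}"


def handle_naive(raw: bytes) -> Tuple[str, str]:
    _method, path, headers = parse_request(raw)
    app, host = select_vhost_naive(headers)
    return app, absolute_url(host, path)


def handle_strict(raw: bytes) -> Optional[Tuple[str, str]]:
    _method, path, headers = parse_request(raw)
    selected = select_vhost_strict(headers)
    if selected is None:
        return None
    app, host = selected
    return app, absolute_url(host, path)


# Constructed requests: one legitimate, one carrying an attacker-chosen Host.
LEGIT_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: Shop.example.com:443\r\n"
    b"User-Agent: constructed-sample\r\n\r\n"
)
SPOOFED_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: evil.example.net\r\n"
    b"User-Agent: constructed-sample\r\n\r\n"
)

if __name__ == "__main__":
    print("naive, legit:   ", handle_naive(LEGIT_REQUEST))
    print("naive, spoofed: ", handle_naive(SPOOFED_REQUEST))
    print("strict, legit:  ", handle_strict(LEGIT_REQUEST))
    print("strict, spoofed:", handle_strict(SPOOFED_REQUEST))
```

With the naive router the spoofed request is still served by `shop-app`, and any absolute URL that application builds now points at `evil.example.net`; the strict router refuses the request before the application sees it. The check belongs at the web server or framework layer, not in each application, and the allowlist should be the same list of names the server is actually configured to serve.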
How to scan an HTTP Authentication restricted area
In addition to form-based authentication, which Acunetix supports via the Login Sequence Recorder, you can also scan areas of a website or web application that are restricted by means of HTTP Authentication. HTTP Authentication, of which Basic Authentication is the most common scheme, is a…
Port scanning with Server Side Request Forgery (SSRF)
As a pen-tester, you will sometimes be asked to provide evidence of the seriousness of a vulnerability you have identified. There is ample documentation on how to do this for the more common vulnerabilities such as Cross-site Scripting…
Getting Started with the Acunetix Web Services Editor
The Web Services Editor is a tool that forms part of the Acunetix Manual Pen Testing Tools suite (available to download for free). The Web Services Editor allows you to import an online or local WSDL file for an in-depth analysis of WSDL requests…