The Authentication Tester is a tool that forms part of the Acunetix Manual Pen Testing Tools suite (available to download for free). The Authentication Tester allows you to test the strength of credentials used in HTTP authentication, as well as custom HTML form-based authentication by…
Author Archives: Ian Muscat
Getting Started with the Acunetix Target Finder
The Target Finder is a tool that forms part of the Acunetix Manual Tools suite (available to download for free). The Target Finder allows you to run a port scan to discover web servers running on a given IP address, or a range of IP…
Getting Started with the Acunetix Subdomain Scanner
The Subdomain Scanner is one of the tools in the Acunetix Manual Tools suite for penetration testers. The Acunetix Manual Tools Suite is a set of tools for penetration testing, ethical hacking, and attack surface information gathering. The tools are free for commercial use but…
Getting Started with the Acunetix HTTP Sniffer
The HTTP Sniffer is one of the tools among the Acunetix Manual Tools suite (available to download for free). The HTTP Sniffer is a proxy that allows you to analyze HTTP requests and responses, and manually crawl a site structure. The HTTP Sniffer can also…
Getting Started with the Acunetix HTTP Fuzzer
The HTTP Fuzzer is one of the tools in the Acunetix Manual Tools suite designed to let you manually test for security issues. The Acunetix Manual Tools Suite is a set of tools for black-box testing and application security information gathering. These security vulnerability testing…
Getting Started with the Acunetix HTTP Editor
The HTTP Editor is one of the most flexible and widely used tools among the Acunetix Manual Tools suite (available to download for free). The HTTP Editor allows you to create, analyze, and edit client HTTP requests, as well as inspect server responses. It also…
33% of websites and webapps are vulnerable to XSS
Cross-site Scripting (XSS) is a much talked-about type of injection vulnerability that occurs on the client-side (that is, in a user’s browser). It occurs predominantly through the use of JavaScript, due to its prevalence in most browsing experiences. Cross-site Scripting can be classified into four…
SQL injection slowly receding, but still a major concern
SQL injection (SQLi) is a frequent topic on this blog – it refers to an injection attack that allows an attacker to execute malicious SQL statements that allow the attacker to control a web application’s database server. Since an SQL injection vulnerability could possibly affect…
Hunting for XXE in Uber using Acunetix AcuMonitor
XML External Entity (XXE) vulnerabilities are attacks which involve an attacker abusing an application which parses XML. The attack occurs against an XML parser which has XML entities enabled. If you are not familiar with XML entities, you can think of them as a rarely…