Source code often contains some form of sensitive information. It may be configuration-related information (e.g. database credentials) or simply information about how the web application works. If source code files are disclosed, an attacker may potentially use such information to discover logical flaws. This may…
Author Archives Juxhin Dyrmishi Brigjaj
How to Mitigate XXE Vulnerabilities in Python
What is XML External Entity (XXE)? XML External Entity Injection is often referred to as a variant of Server-side Request Forgery (SSRF). XXE leverages language parsers that parse the widely used data format XML, which is used in a number of common scenarios such as SOAP &…
Scanning for vulnerabilities using Custom Cookies
There may be some cases in which a website or web application you are scanning requires custom cookies to be set in order to be scanned properly. In Acunetix, you can set custom cookies which will be used during the crawl and scan. To add a custom…
Drupal Ransomware Vulnerability Attacks – Rex
For the past few months, multiple reports regarding ransomware primarily affecting the popular CMS Drupal have been emerging. The ransomware itself has no official name; however, it is currently being dubbed Rex. In May 2016, it was reported that 400 Drupal installations were affected, and…
JBoss Ransomware Vulnerability Attacks
In recent weeks there have been multiple reports regarding a ransomware campaign, known as SamSam, targeting vulnerable JBoss (now known as WildFly) application servers. An official report released by Cisco Talos states that there have been approximately 3.2 million machines hosting the vulnerable versions of…
What’s new in CVSS version 3
The Common Vulnerability Scoring System (CVSS) is an open standard for assessing the severity of security vulnerabilities, designed in such a way that makes it independent from any vendor or industry. In our previous blog post, we discussed CVSS v3 and how Acunetix provides support…
Acunetix v10.5 assigns CVSS 3.0 scoring to its vulnerabilities
The Common Vulnerability Scoring System (CVSS) is an open standard for assessing the severity of security vulnerabilities. “Common” is the keyword, indicating that CVSS is designed to be not only independent of any specific vendor or industry, but also interoperable across systems that vary in…
Authenticated scans more effective! How?
The majority of web applications today make use of a login mechanism where the user must supply a set of credentials in order to navigate to authenticated areas of the web application. This allows access to restricted content and content that is customised to the…
Acunetix WVS Input Fields
Many websites include web forms that capture visitor data, such as download forms. Acunetix Web Vulnerability Scanner can be configured to automatically submit random data or specific values to web forms during the crawl and scan stages of a security audit. By default, Acunetix Web Vulnerability…