Black Hat USA is one of the biggest security events on the global calendar; now in its 18th year, the six-day event is well attended by the security staff of some of the biggest companies, with many having more than 5000 employees. Therefore, this…
In the headlines: Adobe Flash zero day and Java zero day vulnerabilities, and more
Hacking Team data leak result of Adobe Flash Zero day vulnerability
If you’ve seen any security news this last week then it will have been impossible to miss the fact that Italian security company Hacking Team suffered a breach. The implications of this are huge,…
Is the new OpenSSL vulnerability Heartbleed all over again?
Last Monday, OpenSSL core team member Mark J Cox delivered some grim, but somewhat expected, news on OpenSSL’s mailing list: a new version of OpenSSL is due to be released this Thursday 9th July, fixing a single security defect classified as “high” severity. OpenSSL is…
Acunetix Web Application Vulnerability Report 2015
A year after the release of the online version of our vulnerability scanner in March 2014, Acunetix have aggregated the findings of over 15,000 scans performed on 1.9 million files over the past 12 months with some interesting results. The report details the most common vulnerabilities…
Blind Out-of-band Remote Code Execution vulnerability testing added to AcuMonitor
Similar to Blind Out-of-band SQL Injection vulnerabilities, AcuMonitor can now detect Blind Out-of-band Remote Code Execution (RCE) vulnerabilities. Let’s consider a vulnerable PHP application that contains the following code: $cmd = isset($_GET['1']) ? $_GET['1'] : ''; if ($cmd) { exec('ping -c 1 ' . $cmd);…
Blind Out-of-band SQL Injection vulnerability testing added to AcuMonitor
Acunetix AcuMonitor is a free intermediary service that helps detect second-order vulnerabilities (i.e. vulnerabilities that do not provide a response to a scanner during testing) during a scan. AcuMonitor made its debut with Acunetix WVS version 9. Since then, we’ve continuously improved the service and…
Increased support for REST, Java and Ruby on Rails testing
Acunetix WVS v10 improves its support for crawling and identifying vulnerabilities in various web technologies. This is the result of feedback gathered during the past months from our user base. Keeping abreast of updates to web technologies is of utmost importance, as it allows Acunetix to…
In the headlines: Windows 10, Drupal, GitHub and more
Windows 10 due to support SSH
As you should now have heard, or as you might notice from the new little Windows icon on your taskbar, Windows 10 is due to be released at the end of July. The most interesting bit of news from…
ASD Strategies to Mitigate Targeted Cyber Intrusions
In Australia, the government provides formal guidance regarding cyber security in the form of the ‘Strategies to Mitigate Targeted Cyber Intrusions’ document, issued by the Department of Defence. This ties in with the statutory information security compliance which anyone handling Australian Government data is subject to….