The Linux Foundation and the Laboratory for Innovation Science at Harvard recently released a Report on the 2020 Free/Open-Source Software Contributor Survey. One of the primary conclusions of this report was the fact that free/open-source software developers often have a very negative approach to security…
Cache poisoning denial-of-service attack techniques
Attacks related to cache poisoning represent a clearly visible web security trend that has emerged in recent years. The security community continues to research this area, finding new ways to attack. As part of the recent release of Acunetix, we have added new checks related…
2020 – The Year in Review
The year 2020 won’t go down in history as one of the best, for sure. However, it has actually led to some positive developments. Let us take a look at 2020 in the world of web application security, share our own experiences, and point out…
Acunetix Stance on the SolarWinds Hack
We at Acunetix and Invicti are deeply concerned with the aftermath of the SolarWinds hack and offer our deepest commiserations to all the security personnel who are facing this situation just before Christmas, and to SolarWinds themselves who have been an unwilling agent to the…
Are You Keeping Up with Web Application Security?
Opinion: Almost every business that has computers buys an antivirus solution. However, relatively few businesses that have their own websites buy vulnerability scanners. I believe that most people don’t buy solutions to protect their web applications not because they don’t feel that it’s necessary but…
How To Benchmark a Web Vulnerability Scanner?
You’ve made the right decision to improve your web application security stance and perform regular web application scanning. However, there are several renowned web vulnerability scanners on the market and you have to choose one. How do you do that? As a first step, you…
DevSecOps with Acunetix – The Human Factor
The old-school DevOps model, where the security team works in a silo, separated from agile development teams, introduces a lot of tensions. With such an organization, developers often perceive security analysts as the “bad cops” who make their life difficult. On the other hand, security…
Would the Real IAST Please Stand Up?
Opinion: The term Interactive Application Security Testing (IAST) is probably the vaguest in the world of application security testing. Any tool that extends beyond the traditional DAST or SAST model may use it – and many do. However, I feel that only AcuSensor truly deserves…
What Is the R.U.D.Y. Attack
R.U.D.Y. (R-U-Dead Yet) is a denial-of-service attack tool. Unlike most DoS and DDoS attack tools, the R.U.D.Y. attack tool uses Layer 7 (it is an application layer attack). The attack technique of the R.U.D.Y. tool is very similar to the Slowloris attack. It uses slow…