National Cyber Security Awareness Month (NCSAM) is upon us once again. This annual campaign to raise awareness about the importance of cybersecurity is held in October. NCSAM is designed to engage and educate public and private sector partners through events and initiatives to…
The difference between Vulnerability Assessment and Penetration Testing
Many information security professionals are familiar with the terms “vulnerability assessment” and “penetration testing” (“pentest” for short). Unfortunately, in many cases, these two terms are incorrectly used interchangeably. This post aims to clarify differences between vulnerability assessment and penetration testing, demonstrate that both are integral…
What is Black-box Security Testing?
Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside-in, with little or no prior knowledge of the application’s internal workings. Essentially, black-box testing takes an approach similar…
Issue Tracker Integration with Acunetix
An Issue Tracker such as Atlassian JIRA, GitHub or Microsoft TFS is a powerful and essential tool in the Software Development Life Cycle (SDLC) of almost any software project. It helps development teams streamline collaboration and manage their work without getting lost in an endless…
Eastern Institute of Technology, NZ publishes Case Study on Web Vulnerability Scanners
Ms. Angel Rajan and Dr. Emre Erturk from the Eastern Institute of Technology, Hawke’s Bay, New Zealand, recently published a paper entitled “Web Vulnerability Scanners: Case Study”. The case study analyses the benefits of using an automated web vulnerability scanning solution like Acunetix, to…
Help Net Security reviews Acunetix v11
Help Net Security, an independent site focused on information security, reviewed Acunetix v.11. This was not the first time the team behind Help Net Security analysed Acunetix, the first time being back in 2009. Since the review of v.6.5, the product has come a…
Pentest Diaries – Hunting Bugs in HTTP Headers
Some time ago, I joined a bug bounty program of a household name brand, who shall remain anonymous throughout this article. This write-up documents a journey of finding and exploiting SQL injection in some unexpected places. To get started, I randomly chose one of the…
Chunghwa Telecom secures over 100 websites with Acunetix
Chunghwa Telecom, Taiwan’s largest integrated telecommunications services company, with over 12,000 employees and 100 websites, has been using Acunetix since 2009 to protect both their internal critical websites and customer systems. After analysing both HP Webinspect and IBM AppScan, Chunghwa Telecom found Acunetix to be…
Acunetix Vulnerability Testing Report 2017
Each year the Acunetix Team compiles a vulnerability testing report based on data from Acunetix Online. This third Vulnerability Testing Report contains data and analysis of vulnerabilities detected by Acunetix throughout the period of March 2016 to March 2017, illustrating the state of security of…