Many websites include web forms that capture visitor data, such as download forms. Acunetix Web Vulnerability Scanner can be configured to automatically submit random data or specific values to web forms during the crawl and scan stages of a security audit. By default, Acunetix Web Vulnerability…
Tag Archives v10
Business Logic Security Testing with Acunetix v10
Business logic in web applications refers to the encoding of real-world business rules that determine how data should be created, displayed, stored, and changed in a workflow-style process. Applications implementing business logic are not easy to test automatically because they are meant to be used…
Acunetix updated to detect vulnerabilities including Blind Out-of-band SQLi and RCE
Acunetix Web Vulnerability Scanner version 10 (build 20150707) has been updated to include new vulnerability checks, including the detection of Same Origin Method Execution, XSLT Injection, Blind Out-of-band Remote Code Execution and Blind Out-of-band SQL Injection. This build also includes various updates to the new…
Blind Out-of-band SQL Injection vulnerability testing added to AcuMonitor
Acunetix AcuMonitor is a free intermediary service that helps detect second-order vulnerabilities (i.e. vulnerabilities that do not provide a response to a scanner during testing) during a scan. AcuMonitor made its debut with Acunetix WVS version 9. Since then, we’ve continuously improved the service and…
Increased support for REST, Java and Ruby on Rails testing
Acunetix WVS v10 improves its support for crawling and identifying vulnerabilities in various web technologies. This is the result of feedback gathered during the past months from our user-base. Keeping abreast with updates to web technologies is of utmost importance, as it allows Acunetix to…
XML external entity injection via REST APIs
The new version of Acunetix Web Vulnerability scanner comes with improved support for scanning REST APIs. When Acunetix WVS finds an REST API definition (via a WADL file or from Acunetix DeepScan) it also scans this API resource for XML external entity injection vulnerabilities. If…
How to scan REST APIs using Acunetix WVS version 10
In this blog post I’m going to describe 3 different ways to scan REST APIs using the new version 10 of Acunetix Web Vulnerability Scanner. 1. REST API automatically discovered via Acunetix DeepScan Let’s start with a simple web application that is using REST. It…
Improved support for Ruby on Rails web applications
Aside from better scanning of Java/J2EE web applications, Acunetix WVS version 10 comes with improved support for web applications built using the popular framework Ruby on Rails. A lot of new Rails specific tests were added in the new version. For example, many Rails developers…
Better scanning of Java / J2EE web applications
With the release of Acunetix WVS version 10, we’ve introduced a lot of improvements on how we test Java web applications. Java web applications are notoriously hard to scan automatically for many reasons, the most important one being session management. This type of application will…