It is common practice for web pages and web applications to implement contact forms, which in turn send email messages to the intended recipients. Most of the time, such contact forms set headers. These headers are interpreted by the email library on the web server…
Tag Archives wvs
How to Prevent SQL Injection Vulnerabilities in PHP Applications
SQL Injection (SQLi) is a type of injection attack. An attacker can use it to make a web application process and execute injected SQL statements as part of an existing SQL query. This article assumes that you have a basic understanding of SQL Injection attacks…
What Are XML External Entity (XXE) Attacks
An XML External Entity (XXE) attack (sometimes called an XXE injection attack) is a type of attack that abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service (DoS) as well as access…
Configuring HTTP Proxy Settings in Acunetix
If the target website or web application you intend to scan is only reachable via an HTTP proxy, you will need to configure Acunetix On-Premises to make use of that HTTP proxy server before running the scan. You can set different proxy settings per Target…
What is a Host Header Attack?
It is common practice for the same web server to host several websites or web applications on the same IP address. This why the host header exists. The host header specifies which website or web application should process an incoming HTTP request. The web server…
How to scan an HTTP Authentication restricted area
In addition to support for form authentication, which Acunetix supports via the Login Sequence Recorder, you can also scan areas of a website or web application which are restricted through the means of HTTP Authentication. HTTP Authentication, sometimes referred to as Basic Authentication, is a…
Port scanning with Server Side Request Forgery (SSRF)
As a pen-tester, there are going to be situations where you will be asked to provide evidence of the seriousness of a vulnerability that has been identified. There is ample documentation on how to do this for the more common vulnerabilities such as Cross-site Scripting…
Scanning for vulnerabilities using Custom Cookies
There may be some cases in which a website or web application you are scanning requires custom cookies to be set to be scanned properly. In Acunetix, you can set custom cookies which will be used during the crawl and scan. To add a custom…
How do I update to the latest Acunetix build?
Keeping Acunetix up-to-date is important to ensure you always get the latest updates to existing and newly added tests, features, bugfixes and improvements. Fortunately it’s not only easy but transparent. By default Acunetix automatically checks for updates, installs any new updates in the background without…