Acunetix
Acunetix
Blog Post
  • This is the first part in a two-part series on HTTP security and HTTP basics. In this first part we bring you an overview of the HTTP protocol. HTTP is a ubiquitous protocol and is one of the cornerstones of the web. If you are a newcomer to web application security, a sound knowledge of […] Read More → The post HTTP Security: A Security-focused Introduction to HTTP, Part 1 appeared first on Acunetix...

Blog Post
  • When you install Acunetix v12 on the same machine as Acunetix v11, your Acunetix settings, Targets, Scan and Report data will all be retained. You will just need to install Acunetix v12 on the same machine as Acunetix v11, and your Acunetix installation will be upgraded automatically. Follow the instructions in [link to previous article] for […] Read More → The post Will my Target settings and scan...

Blog Post
  • In Acunetix version 12, the maximum number of Targets that you can configure in Acunetix is defined by your License. You can check how many Targets your license allows from the Acunetix UI > Click on your username at the top right corner, and select Profile > License section. The number of licensed Targets is […] Read More → The post How many Targets can I configure in Acunetix? appeared first on ...

Blog Post
  • There are situations where you need to crawl a site, and choose which paths to scan after crawling the site. This feature has been re-introduced in Acunetix version 12. You will first need to run a Crawl, after which you can choose which files not to scan from the Site Structure. Proceed as follows: From […] Read More → The post How to choose which paths to scan after crawling the site appeared fi...

Blog Post
  • Acunetix v12 (build 12.0.180628131) has been released. This new build detects an unfixed WordPress file deletion vulnerability, vulnerabilities in multiple WordPress Plugins and two Joomla! Core vulnerabilities. Below is a full list of updates. New Features and Vulnerability tests New test for WordPress Arbitrary File Deletion Vulnerability described here and here (CVE-2018-12895) Added detection ...

Blog Post
  • Acunetix will be exhibiting at OWASP AppSec in London between the 2nd and 6th July 2018 at the Queen Elizabeth II Centre (QE2). The OWASP Annual AppSec EU Security Conference is the premier application security conference for European developers and security experts. We invite all customers and partners to visit us at Stand 01 in […] Read More → The post Visit us at OWASP AppSec EU 2018 appeared f...

Blog Post
  • An Acunetix scan can easily be included as part of a Jenkins Pipeline. This provides the benefit of automatically integrating the Acunetix security scan into your continuous delivery (CD) pipeline, and this can be declared as part of your project’s source code repository. Prerequisites Before you start, the Acunetix Jenkins plugin must be installed and […] Read More → The post Integrating Acunetix...

Blog Post
  • Acunetix v12 (build 12.0.180619111) has been released. This new build introduces new vulnerability checks for WordPress, Django, multiple Spring Framework and Atlassian products. Below is a full list of updates. New Features and Vulnerability tests Spring Data Commons RCE via Spring Expression Language (SpEL) injection (CVE-2018-1273) Atlassian OAuth Plugin IconUriServlet SSRF, affecting multiple ...

Blog Post
  • At ZeroNights 2017 conference, I spoke about “Deserialization vulnerabilities in various languages”. For my presentation, I used an interesting article about two serialization packages of Node.js. I showed them as examples of vulnerable implementations of deserialization processes. In this post, I’d like to show results of my own research and a new approach of attacking […] Read More → The post De...

Blog Post
  • Acunetix v12 (build 12.0.180611183) has been released. This new build introduces new vulnerability checks for Oracle Weblogic, PHPUnit, Edge Side Include Injection and other vulnerabilities. The new build also includes a good number of updates and several important fixes. Below is a full list of updates. New Features and Vulnerability tests Introduced system to automatically […] Read More → The po...

Blog Post
  • You can exclude paths from being scanned by configuring the path as an Excluded Path for the Target. This can be done from the Target’s settings > Crawl tab > Excluded Paths. The Excluded paths will need to be configured as a regular expression. Since regular expressions may be quite tedious, an easier way […] Read More → The post Is there an easy way to exclude paths from being scanned? appear...

Blog Post
  • If your Targets are already configured in another application, such as an Asset Management application, you might want to export the Targets from the 3rd party application and import them into Acunetix. This will save on the Target Configuration time. You can import a number of Targets into Acunetix using a .csv file. Proceed as […] Read More → The post How to import Targets into Acunetix appeared...

Blog Post
  • Acunetix version 12 ships with a new scanning engine which has been rewritten from scratch. One of the benefits of the new scanning engine is an improvement in scanning speed. Our tests indicate that the scanning time of some scans has been halved. This is partially due to a higher number of simultaneous requests being […] Read More → The post How fast is Acunetix v12? appeared first on Acunetix.

Blog Post
  • Sometimes, during a scan, you realise that you should tweak the Target’s settings. For example, you may need to alter the User-Agent used by the scan. This can be done as follows: From the Acunetix UI > Scans > Select the running scan. Click on the Pause button. Change to Targets > Open the settings […] Read More → The post Can I alter the Scan or Target Settings during a scan? appeared first on A...

Blog Post
  • I have configured Excluded Hours for one of my Targets. Are scans for this Target stopped or paused during excluded hours? Scans which are scheduled to start during the Excluded Hours will be started once the Excluded Hours have elapsed. In Acunetix version 12, scans which are running at the start of the Excluded Hours […] Read More → The post Are scans for the Target stopped or paused during excl...

Blog Post
  • Paused scans will be kept in a paused state for 7 days, after which the scan will be marked as Aborted. You will not be able to resume a scan that has been Aborted, however you will be able to review the partial scan results for such scans. Read More → The post How long can a scan remain in a paused state? appeared first on Acunetix.

Blog Post
  • Starting from Acunetix version 12, you can pause scans as needed. You can resume paused scans at a later stage, even after a machine restart. In addition, any scans which are affected by Excluded Hours will be paused. You can pause a scan from Acunetix > Scans > Select the scan to be paused > […] Read More → The post Can I pause a scan? appeared first on Acunetix.

Blog Post
  • A Target is a web site, web application, server or network device that you would like to scan for security vulnerabilities using Acunetix. For licensing purposes, the following rules apply: Localhost and 127.0.0.1 consume 1 Target Domain.com and www.domain.com count as 1 Target Https and http count as 1 Target Sub-domains are different targets (e.g. […] Read More → The post What is a “Target”? app...

Blog Post
  • If you are using Acunetix v11, you will be able to upgrade your Acunetix installation to Acunetix v12, and all your settings will be retained. Proceed as follows: Download the latest version of Acunetix from https://www.acunetix.com/download/fullver/ Backup the files in Install Acunetix v12 on the same machine as Acunetix v11. The installation will […] Read More → The post How to upgrade my Acune...

Blog Post
  • The upgrade of a multi-engine installation may seem like a daunting task, but it is quite easy to do. Here is the procedure to follow: Backup the contents of the directory found at From the Acunetix v11 UI > Settings > Select each Engine and Click on the Delete button Upgrade the Main […] Read More → The post How to upgrade a multi-engine installation from v11 to v12 appeared first on Acunetix.

Blog Post
  • Hot on the release of Acunetix v12, check out what’s NEW in this brief presentation highlighting: Scan speed of up to 2X faster Support for latest JavaScript technologies (ES7) New AcuSensor for Java web applications Pause and Resume scan functionality Exclusion of specific paths in the site’s structure directly from the UI Inclusion of Password […] Read More → The post What’s new in Acunetix v12 ...

Blog Post
  • In-depth analysis of JavaScript-rich sites and Single Page Applications London, UK – May 2018 – Acunetix, the pioneer in automated web application security software, has announced the release of version 12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This coupled with a […] Read More → The post Acunetix v12: More Compr...

YouTube Video
  • Find out what's new in Acunetix v12! This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs and includes a new AcuSensor for Java web applications to comprehensively and accurately scan all types of websites. With v12 also comes a brand new scanning engine, re-engineered and re-written from the ground up, making Acunetix the faste...

Blog Post
  • Acunetix will be exhibiting for the very first time at CEBIT, Europe’s Business Festival for Innovation and Digitization, held in Hannover, Germany between the 11th and 15th of June. We invite all customers and partners to visit us at Stand A35 in CEBIT d!conomy. Regional Sales Executive Daniel McClean and Technical Support Engineer Bernhard Abele will […] Read More → The post Visit us at CEBIT 201...

Blog Post
  • This is part-2 of a 2 part series that discusses the evolution from human to machine based DDoS attacks. It specifically delves into how to prepare for such attacks while keeping low positives and negatives to industry standard low. The Evolution of DDoS In the early 2000’s, we had simple shell scripts created to take […] Read More → The post Preparing for Artificial Intelligence (AI) DDOS Attacks...

Blog Post
  • This is part-1 of a 2 part series that discusses the use of Artificial Intelligence (AI) to compromise web applications. This part introduces the concept of AI and its use for destruction by cybercriminals. The speed at which cybersecurity has evolved over the last decade has taken everyone by surprise. Different types of threats and […] Read More → The post Artificial Intelligence (AI) used in DD...

Blog Post
  • The Virginia Information Technologies Agency (VITA) announced that it cut the number of high-risk vulnerabilities affecting its web applications by 30 percent in one year by implementing a vulnerability-scanning program that includes the use of Acunetix. VITA’s Web Application Vulnerability Scanning Program, implemented in 2016, uses Acunetix to check more than 1,600 public-facing web applications...