What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Acunetix.webp 2021-10-18 07:18:28 CISA's Zero Trust Maturity Model is a rallying cry for modern web app security (lien direct) Increasingly sophisticated cyberattacks against federal agencies highlight the urgent need to enhance federal cybersecurity. To help with this, CISA has published the Zero Trust Maturity Model to assist agencies in implementing zero trust architecture (ZTA) – and modern AppSec solutions are a crucial part of... Read more
Acunetix.webp 2021-10-14 07:14:31 Acunetix introduces support for Brotli encoding, IAST support for new Node.js frameworks, and many new vulnerability checks (lien direct) A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.5.211008143. This Acunetix release introduces support for the Brotli encoding and URL optional fields. The Node.js IAST AcuSensor has been updated to support numerous frameworks and the JAVA IAST AcuSensor can now... Read more Vulnerability
Acunetix.webp 2021-10-11 07:30:06 Stop compromising on web application security (lien direct) Modern web applications are often in continuous development in highly automated workflows, so keeping them secure requires equally automated AppSec solutions. When you add to this a highly dynamic threat environment, manual security processes cannot hope to keep up. This post presents highlights from an... Read more Threat
Acunetix.webp 2021-10-07 07:13:34 Paul's Security Weekly: Securing iframes using the sandbox attribute (lien direct) Our Senior Security Researcher, Benjamin Daniel Mussler, has been invited to the Security Weekly podcast to talk about the security of iframes and, in particular, how to secure iframes using the sandbox attribute. Benjamin first talked about how traditional framesets have become completely obsolete but... Read more
Acunetix.webp 2021-10-04 06:55:40 (Déjà vu) Integrating Acunetix with GitHub for CI/CD (lien direct) You can integrate your Acunetix Premium account with GitHub for issue management and for CI/CD purposes. This article shows how to configure your GitHub account and how to integrate with it in Acunetix Premium for CI/CD. If you want to know how to integrate with... Read more
Acunetix.webp 2021-09-30 06:40:07 Debunking 5 cybersecurity posture myths (lien direct) Small and medium businesses have it hard when it comes to cybersecurity posture. The cybersecurity gap hits them the hardest because most security experts would rather choose different work environments. Young information security enthusiasts are in high demand. However, instead of SMBs, they usually prefer to work... Read more
Acunetix.webp 2021-09-27 07:01:01 Web vulnerability classes in the context of information security certifications (lien direct) For certifications such as CISSP, CISA, Security+, CASP+, or CySA+, web vulnerability classes make up only a small part of the knowledge required to pass the exam. For instance, the CISSP exam evaluates the student's expertise in eight domains, and even advanced knowledge of subjects... Read more Vulnerability
Acunetix.webp 2021-09-23 06:58:03 OWASP Top 10 2021 – what's new, what's changed (lien direct) The 2021 edition of the OWASP Top 10 is finally out*! Let's have a look at what OWASP introduced/changed in their industry-standard checklist for web application security and let's compare it with our predictions from last year for the OWASP Top 10 2021. Last but... Read more
Acunetix.webp 2021-09-20 07:08:17 Finding and fixing security flaws in third-party software that you don't have control over (lien direct) There's a popular bit of wisdom that says don't stress over the things in your life that you cannot control. It's great advice for all of us these days. Still, though, no matter how hard you try, there will be some things that are out... Read more
Acunetix.webp 2021-09-16 06:40:58 Should you shift left or not? (lien direct) Shifting left is now a popular trend in information security. Does that mean that you should hop on the bandwagon and tear your hair out just to shift your security left? No, it does not. Actually, in most cases, if you blindly jump on this... Read more
Acunetix.webp 2021-09-13 07:00:00 What is HTTP header injection (lien direct) The HTTP header injection vulnerability is a web application security term that refers to a situation when the attacker tricks the web application into inserting extra HTTP headers into legitimate HTTP responses. HTTP header injection is a technique that can be used to facilitate malicious... Read more Vulnerability
Acunetix.webp 2021-09-09 11:44:29 Web Security Basics: Is Your Web Application Safe? (lien direct) In our old advertisements, you could often read that 70 percent of websites are hackable. The sad truth is, however, that every website and web application can be hacked, given enough time and resources. What makes a website or web application fall within the 70 percent... Read more
Acunetix.webp 2021-09-06 07:02:42 (Déjà vu) Integrating Acunetix with GitLab for CI/CD (lien direct) You can integrate your Acunetix Premium account with GitLab for issue management and for CI/CD purposes. This article shows how to configure your GitLab account and how to integrate with it in Acunetix Premium for CI/CD. If you want to know how to integrate with... Read more
Acunetix.webp 2021-08-30 10:50:49 Acunetix by Invicti exhibiting at 2021 Air, Space & Cyber Conference (lien direct) This year we will be exhibiting at the 2021 Air, Space & Cyber Conference at the Gaylord National Resort in National Harbor, Maryland on September 20–22 as Invicti, the company behind Acunetix. The Air, Space & Cyber Conference is the leading professional development event for... Read more Guideline
Acunetix.webp 2021-08-26 07:12:35 Choosing the web application security solution that is right for you (lien direct) Do you have a headache trying to choose the right web application security solution? Well, we sure hope it's Acunetix, but it might not be! We won't try to convince you that we are the one – that would be unprofessional because we know nothing... Read more
Acunetix.webp 2021-08-23 07:26:48 Major European bank relies on Acunetix to efficiently automate web application security efforts (lien direct) The banking sector pays extra attention to web application security due to being a popular target of criminal organizations specializing in cybercrime. Since commercial banks must keep up with the times as much as possible to remain competitive, many of their legacy applications are now... Read more
Acunetix.webp 2021-08-18 09:32:24 Acunetix introduces pre-request scripts, log data retention options, and many new vulnerability checks (lien direct) A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.3.210816098. This Acunetix release introduces pre-request scripts that can be developed using the existing custom vulnerability scripts syntax, new log data retention options, and new vulnerability checks for Oracle E-Business Suite, Alibaba... Read more Vulnerability
Acunetix.webp 2021-08-16 14:54:43 US government agencies given a new deadline to secure critical software (lien direct) The Office of Management and Budget (OMB) released a memorandum on August 10, 2021, in response to Executive Order (EO) 14028, Improving the Nation's Cybersecurity. The EO recognizes the importance of software security to protect against malicious cyber attacks that threaten the American people's security... Read more
Acunetix.webp 2021-08-12 06:11:12 Is it good? Ask the developer! (lien direct) We're so used to the image of the “security guy” who takes care of all the cybersecurity needs in the company that it keeps security siloed and makes progress impossible. We have to get rid of that image and realize that in some cases, notably... Read more
Acunetix.webp 2021-08-10 06:54:17 Black Hat 2021: What we don't know may be the greatest cybersecurity threat (lien direct) I always come away from the Black Hat USA cybersecurity conference having learned something new, feeling inspired, and imbued with just the right amount of angsty determination to do my part to help improve what is, in my opinion, one of the most pressing collective... Read more Threat
Acunetix.webp 2021-08-05 06:00:29 7 Web Application Security Best Practices (lien direct) To maintain the best possible security stance and protect your sensitive data against cyberattacks, you cannot just rely on security products alone. Here is a list of seven key elements that we believe should be considered in your web app security strategy. 1. Include everyone in security... Read more
Acunetix.webp 2021-08-02 10:02:19 Join the panel: Shifting security left with DevSecOps (lien direct) Fifteen years ago, there were 50 million websites. Today there are nearly two billion. With the government's adoption of cloud technologies, that number is continuing to grow exponentially. In order to appropriately comply with regulations, it is imperative that government agencies incorporate security testing across... Read more
Acunetix.webp 2021-07-29 10:41:19 Integrating Acunetix with Azure DevOps services for CI/CD (lien direct) You can integrate your Acunetix Premium account with Azure DevOps Services for issue management and for CI/CD purposes. This article shows how to configure your Azure DevOps account and how to integrate with it in Acunetix Premium for CI/CD. If you want to know how... Read more
Acunetix.webp 2021-07-26 07:13:02 DIY security – are you doing it right? (lien direct) There is no tool in the world that can fully replace a human when it comes to finding web vulnerabilities. A skilled security researcher is always able to find more than an automated scanner. There is just one problem. With a ratio of thousands of... Read more Tool
Acunetix.webp 2021-07-22 07:31:12 5 reasons why every MSSP needs a professional web application security solution (lien direct) Managed security service providers (MSSP) are a fantastic alternative for small to medium-sized organizations whose primary objectives are to hire employees that are business-focused, not recruit teams of IT and security professionals who, whilst valuable to the security of the organization are not contributors to... Read more
Acunetix.webp 2021-07-19 07:18:16 Installing Acunetix on Docker (lien direct) In our latest release, we made sure that you can easily create a Docker container containing Acunetix. You can use such a Docker container, for example, when running multiple engines from multiple locations or when using Acunetix® in the CI/CD environment. Basic considerations When installing... Read more
Acunetix.webp 2021-07-15 07:00:52 Cybersecurity metrics for web applications (lien direct) Small and mid-sized businesses are able to manage their information security, including web application security, in a very direct fashion. The numbers of assets, vulnerabilities, and incidents are low enough for the security manager to be able to have a clear view of IT security... Read more
Acunetix.webp 2021-07-12 07:12:02 Setting and achieving your application security goals (lien direct) Ensuring application security and resilience is largely a technical endeavor. From source code development to vulnerability and penetration testing and all the variables in between, there are a lot of moving parts on the technical side. It's important, however, to remember the soft side of... Read more Vulnerability
Acunetix.webp 2021-07-08 13:55:31 Acunetix by Invicti exhibiting at Black Hat USA 2021 (lien direct) This year we will be exhibiting at Black Hat USA 2021 on August 4–5 as Invicti, the company behind Acunetix. Black Hat USA is an internationally recognized cybersecurity event where businesses and security experts share the latest news about IT security research and other topics... Read more
Acunetix.webp 2021-07-05 12:13:22 Invicti Security at CyberTalks 2021 (lien direct) The latest edition of CyberTalks, the largest annual gathering of CISOs and cyber leaders, was held on June 15-16, and attracted thousands of virtual attendees from government, technology, finance, and medical sectors. During these unprecedented times, the necessity to come together was more urgent than... Read more Guideline
Acunetix.webp 2021-07-01 08:43:00 Bouncing back: how your agency can handle disruption and embrace resilience (lien direct) Invicti, the company behind Acunetix and Netsparker, has been securing public sector web applications for years, working with prominent agencies such as NIH, DOT and the United States Armed Forces. As part of GovLoop's Cyber Resiliency Guide, Bouncing Back: How Your Agency Can Handle Disruption and... Read more
Acunetix.webp 2021-06-28 07:00:41 How to use Acunetix software composition analysis (lien direct) Software composition analysis (SCA) is an important part of application security testing. Today's web applications deliver rich functionality through the use of multiple open-source components. Like all software, open-source components are subject to vulnerabilities, and each component will have a development path typically tracked with... Read more
Acunetix.webp 2021-06-24 09:53:21 What is SCA and why you need it (lien direct) The security of your business depends not just on your code but on the entire supply chain, which includes third-party components. The more third-party components you use, the more likely it is that a vulnerability in your web application will be a result of third-party... Read more Vulnerability
Acunetix.webp 2021-06-17 08:03:21 Acunetix introduces software composition analysis (SCA) (lien direct) A new Acunetix update has been released for Windows, Linux, and macOS: 14.2.210615184. This Acunetix release introduces software composition analysis (SCA) functionality, allowing customers to detect vulnerable open-source libraries used by the web application. It also provides multiple updates, including a revised PCI DSS compliance... Read more
Acunetix.webp 2021-06-10 07:21:41 Do you want your security to be built on excuses? (lien direct) Opinion: Do you leave your car keys in the ignition just because it's easier than securing your vehicle? If not, why do you come up with similar excuses when making decisions about the security of your sensitive data and your business reputation? In the cybersecurity... Read more
Acunetix.webp 2021-06-08 07:34:44 RSA21 Security Weekly with Mark Ralls, Invicti President & COO (lien direct) As part of the RSA Conference 2021, Mark Ralls, Invicti® President & COO, was interviewed by Security Weekly's Matt Alderman on the topic of the findings included in the Invicti AppSec Indicator Spring 2021 Edition: Acunetix® Web Vulnerability Report – the lost year in web... Read more Vulnerability
Acunetix.webp 2021-06-03 07:01:46 The effect of President Biden's security order on web application vendors (lien direct) Do you want to sell your web applications to US government agencies? We have bad news and good news. The bad news is: President Biden just made it more difficult for you. The good news is: Acunetix® can make it much easier. The SolarWinds breach... Read more
Acunetix.webp 2021-06-01 15:48:29 Invicti recognized on the 2021 Gartner Magic Quadrant for Application Security Testing (lien direct) At Invicti, we are absolutely thrilled to be recognized for the first time in the Magic Quadrant for Application Security Testing this year. Gartner is a leading IT research and advisory firm that helps businesses of all sizes evaluate technology and make informed decisions. We... Read more Guideline
Acunetix.webp 2021-05-25 07:00:34 How to avoid web supply chain attacks (lien direct) In early 2021, attackers infiltrated SolarWinds software used by thousands of major businesses and organizations worldwide. This allowed malicious parties to access data owned by not just SolarWinds but everyone who used the SolarWinds solution. Such attacks are called supply chain attacks and yes, they... Read more
Acunetix.webp 2021-05-25 07:00:28 Why most application security measures fail and what must be done about it (lien direct) In business, you're only as good as the things that you have control over. And the only things that you can have control over are the things that you proactively measure and manage. If application security is an important part of your overall security program... Read more
Acunetix.webp 2021-05-20 07:00:04 Integrating Acunetix with CircleCI (lien direct) If you want to include Acunetix in your DevSecOps, you need to integrate it with a CI/CD system. Acunetix has an out-of-the box integration for the most popular CI/CD system – Jenkins. However, you can use the Acunetix REST API to integrate the scanner with... Read more
Acunetix.webp 2021-05-18 07:00:13 Sensitive data exposure – how breaches happen (lien direct) The term sensitive data exposure means letting unauthorized parties access stored or transmitted sensitive information such as credit card numbers or passwords. Most major security breaches worldwide result in some kind of sensitive data exposure. Exploiting an attack vector such as a web vulnerability is... Read more Vulnerability
Acunetix.webp 2021-05-13 07:00:10 Ad-hoc scanning is not enough (lien direct) A web vulnerability scanner is usually perceived as an ad-hoc tool. Initially, all vulnerability scanners were such tools and current open-source web application security solutions still follow that model. However, with a major increase in the complexity and availability of web technologies, the ad-hoc model... Read more Vulnerability
Acunetix.webp 2021-05-11 07:00:44 (Déjà vu) WAF integration: Acunetix and FortiWeb (lien direct) The Acunetix API gives you the opportunity to automate tasks to increase efficiency - especially when you can accelerate integration functionality with other components of your workflow. In this example, we will build on a previous article, where we've shown you how to use the... Read more
Acunetix.webp 2021-05-06 07:00:00 Are you afraid of security testing in the SDLC? (lien direct) Opinion: DevOps are simply afraid of trying something new. They are used to Selenium tests that hog the pipelines and provide hard-to-interpret results but at the same time they often shun DAST testing, which is nowhere near as troublesome. Recently, I had an interesting discussion... Read more
Acunetix.webp 2021-05-04 13:20:28 Acunetix introduces Docker support, scan statistics, and the ability to send vulnerabilities to the AWS WAF (lien direct) A new Acunetix update has been released for Windows, Linux, and macOS: 14.2.210503151. This Acunetix update introduces Docker support, a new Scan Statistics page that is shown for each scan, and the ability to send vulnerability information to the AWS WAF. Customers sending vulnerabilities to... Read more Vulnerability
Acunetix.webp 2021-04-29 07:00:31 WAF integration: Acunetix and F5 BigIP ASM (lien direct) The Acunetix API gives you the opportunity to automate tasks to increase efficiency – especially when you can accelerate the integration of functionality with other components of your workflow. In this example, we will build on a previous article, where we've shown you how to... Read more
Acunetix.webp 2021-04-27 07:00:27 Miscommunication is at the heart of AppSec challenges (lien direct) Miscommunication breaks things in business. Whether it's unintentional – based on assumptions or intentional – driven by political motivations, miscommunication is at the heart of most challenges in business today. In our line of work, there's hardly any more obvious form of miscommunication than what... Read more
Acunetix.webp 2021-04-23 08:26:58 Remote Debuggers as an Attack Vector (lien direct) Over the course of the past year, our team added many new checks to the Acunetix scanner. Several of these checks were related to the debug modes of web applications as well as components/panels used for debugging. These debug modes and components/panels often have misconfigurations,... Read more
Acunetix.webp 2021-04-20 10:59:27 What Is The Acunetix Target Knowledge Base (lien direct) With the latest update to Acunetix, we introduced a new feature called the target knowledge base. Every time you scan a target, Acunetix gathers and stores information about it. This information includes paths that make up the site structure, the location of forms and their... Read more
Last update at: 2024-05-29 11:09:26