What's new around the internet

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| Acunetix | 2022-06-06 07:32:58 | Considerations for web application remediation testing | It seems that most application security discussions revolve around initial vulnerability scanning and penetration testing. You've got to start somewhere. The thing is many people often stop at that point. Vulnerabilities are uncovered, results are passed along to developers, DevSecOps, or other technical staff, and... | Vulnerability | | |
| Acunetix | 2022-05-30 06:00:40 | Penetration testing vs vulnerability scanning | Businesses often perceive vulnerability scanning as an alternative to penetration testing. This perception is wrong. An organization conscious of cybersecurity must include both these activities in their business processes and make sure that they work in unison. Missing out on one of them greatly decreases... | Vulnerability | | |
| Acunetix | 2022-04-01 10:39:53 | Critical alert – Spring4Shell RCE (CVE-2022-22965 in Spring) | On March 31, 2022, a serious zero-day vulnerability was discovered in the Spring framework core, which is an open-source framework for building enterprise Java applications. The vulnerability, dubbed Spring4Shell (similar to Log4Shell) or Springshell, was identified as CVE-2022-22965 (at the time of writing, not yet... | Vulnerability | | |
| Acunetix | 2022-03-14 08:54:29 | How often should you test your critical web applications? | When it comes to web application security, the concern is not whether you should test but, rather, how often you should test. Many people scan for web vulnerabilities using dedicated vulnerability scanners and perform manual analysis/penetration testing once per year. Some people do it once... | Vulnerability | | |
| Acunetix | 2022-03-01 15:53:39 | Acunetix introduces IAST updates improving vulnerability and misconfiguration detection as well as scan coverage | A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.7.220228146. This Acunetix release introduces multiple IAST updates that will help detect several high severity vulnerabilities, provide full coverage for the newly supported web frameworks, and improve the detection of server-side misconfigurations.... | Vulnerability | | |
| Acunetix | 2022-02-03 07:00:32 | What is server-side request forgery (SSRF)? | Server-side request forgery (SSRF) is the only type of vulnerability that has its own category in the OWASP Top 10 2021 list. Several major cybersecurity breaches in recent years, including Capital One and MS Exchange attacks, involved the use of SSRF as one of the break-in techniques. SSRF... | Vulnerability | | ★★★ |
| Acunetix | 2021-12-23 14:56:16 | Log4j vulnerability resource center | Watch this space for the latest news and resources from Invicti on the Log4j crisis. Product update: All Netsparker and Acunetix products now detect the CVE-2021-44228 Log4j-related vulnerability (known as Log4Shell or LogJam). More in our official statement. Our perspective: Invicti President and COO Mark... | Vulnerability | | |
| Acunetix | 2021-12-22 11:46:50 | Acunetix releases multiple updates to detect Log4j vulnerabilities | Over the past week, we have been busy updating Acunetix to detect Log4j vulnerabilities that have been making the headlines. Acunetix is detecting the CVE-2021-44228 vulnerability (Log4Shell) as an out-of-band vulnerability using the AcuMonitor service. In addition, the AcuMonitor service and Acunetix have been updated... | Vulnerability | | |
| Acunetix | 2021-12-13 17:30:30 | Critical alert – Log4Shell (CVE-2021-44228 in Log4j) – possibly the biggest impact vulnerability ever | On December 10, 2021, a serious vulnerability was discovered in the Apache Log4j framework, which is commonly used by most Java installations. The vulnerability, dubbed Log4Shell or LogJam, was identified in the NVD as CVE-2021-44228 and, to quote one of Acunetix original creators and primary... | Vulnerability | | |
| Acunetix | 2021-10-14 07:14:31 | Acunetix introduces support for Brotli encoding, IAST support for new Node.js frameworks, and many new vulnerability checks | A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.5.211008143. This Acunetix release introduces support for the Brotli encoding and URL optional fields. The Node.js IAST AcuSensor has been updated to support numerous frameworks and the JAVA IAST AcuSensor can now... | Vulnerability | | |
| Acunetix | 2021-09-27 07:01:01 | Web vulnerability classes in the context of information security certifications | For certifications such as CISSP, CISA, Security+, CASP+, or CySA+, web vulnerability classes make up only a small part of the knowledge required to pass the exam. For instance, the CISSP exam evaluates the student's expertise in eight domains, and even advanced knowledge of subjects... | Vulnerability | | |
| Acunetix | 2021-09-13 07:00:00 | What is HTTP header injection | The HTTP header injection vulnerability is a web application security term that refers to a situation when the attacker tricks the web application into inserting extra HTTP headers into legitimate HTTP responses. HTTP header injection is a technique that can be used to facilitate malicious... | Vulnerability | | |
| Acunetix | 2021-08-18 09:32:24 | Acunetix introduces pre-request scripts, log data retention options, and many new vulnerability checks | A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.3.210816098. This Acunetix release introduces pre-request scripts that can be developed using the existing custom vulnerability scripts syntax, new log data retention options, and new vulnerability checks for Oracle E-Business Suite, Alibaba... | Vulnerability | | |
| Acunetix | 2021-07-12 07:12:02 | Setting and achieving your application security goals | Ensuring application security and resilience is largely a technical endeavor. From source code development to vulnerability and penetration testing and all the variables in between, there are a lot of moving parts on the technical side. It's important, however, to remember the soft side of... | Vulnerability | | |
| Acunetix | 2021-06-24 09:53:21 | What is SCA and why you need it | The security of your business depends not just on your code but on the entire supply chain, which includes third-party components. The more third-party components you use, the more likely it is that a vulnerability in your web application will be a result of third-party... | Vulnerability | | |
| Acunetix | 2021-06-08 07:34:44 | RSA21 Security Weekly with Mark Ralls, Invicti President & COO | As part of the RSA Conference 2021, Mark Ralls, Invicti® President & COO, was interviewed by Security Weekly's Matt Alderman on the topic of the findings included in the Invicti AppSec Indicator Spring 2021 Edition: Acunetix® Web Vulnerability Report – the lost year in web... | Vulnerability | | |
| Acunetix | 2021-05-18 07:00:13 | Sensitive data exposure – how breaches happen | The term sensitive data exposure means letting unauthorized parties access stored or transmitted sensitive information such as credit card numbers or passwords. Most major security breaches worldwide result in some kind of sensitive data exposure. Exploiting an attack vector such as a web vulnerability is... | Vulnerability | | |
| Acunetix | 2021-05-13 07:00:10 | Ad-hoc scanning is not enough | A web vulnerability scanner is usually perceived as an ad-hoc tool. Initially, all vulnerability scanners were such tools and current open-source web application security solutions still follow that model. However, with a major increase in the complexity and availability of web technologies, the ad-hoc model... | Vulnerability | | |
| Acunetix | 2021-05-04 13:20:28 | Acunetix introduces Docker support, scan statistics, and the ability to send vulnerabilities to the AWS WAF | A new Acunetix update has been released for Windows, Linux, and macOS: 14.2.210503151. This Acunetix update introduces Docker support, a new Scan Statistics page that is shown for each scan, and the ability to send vulnerability information to the AWS WAF. Customers sending vulnerabilities to... | Vulnerability | | |
| Acunetix | 2021-04-13 11:44:10 | Most Common Security Vulnerabilities – Acunetix Web Application Vulnerability Report 2021 | Every year, Acunetix brings you an analysis of the most common web security vulnerabilities and network perimeter vulnerabilities. Our annual Web Application Vulnerability Report (now part of the Invicti AppSec Indicator) is based on real data taken from Acunetix Online. We randomly select websites and... | Vulnerability | | |
| Acunetix | 2021-03-18 08:41:34 | Acunetix introduces web asset discovery, NLTM Auth support for proxy auth, multi-engine updates, and new vulnerability checks | A new Acunetix update has been released for Windows, Linux, and macOS: 14.1.210316110. This Acunetix update introduces web asset discovery, allowing Acunetix users to easily identify web assets, which might have been forgotten and which belong to their organization. In addition, the Acunetix UI now... | Vulnerability | | |
| Acunetix | 2021-03-10 11:20:07 | How to Defend against Recent Attacks on Microsoft Exchange | The latest update of Acunetix Premium introduces a check for the primary Microsoft Exchange vulnerability that enables currently ongoing attacks. Microsoft warns against an organized criminal group known as Hafnium performing mass attacks against government and private entities, primarily in the United States. Initial reports... | Vulnerability | | |
| Acunetix | 2021-02-23 09:12:32 | WAF Security – Getting the Most out of Your Web Application Firewall | Web application firewalls (WAFs) are one of many web application security solutions at your disposal. Unfortunately, buyers often don't understand their purpose and treat them as a direct replacement for other classes of tools, for example, web vulnerability scanners such as Acunetix. The two classes... | Vulnerability | | |
| Acunetix | 2021-02-16 09:03:37 | Vulnerability Scanning Tools – Why Not Open-Source? | With the immense popularity of open-source software such as Linux, WordPress, or Magento, you might wonder why the situation is so different in the world of web application security. Let's try to compare open-source vulnerability scanners with commercial solutions and it will soon be clear... | Vulnerability | | |
| Acunetix | 2021-02-03 08:10:05 | Acunetix update introduces Node.js AcuSensor, target knowledgebase, and multiple unrestricted access vulnerability checks | A new Acunetix update has been released for Windows, Linux, and macOS: 13.0.210129162. This Acunetix update introduces AcuSensor for Node.js and a feature called target knowledgebase, which holds data from past scans and helps improve future scans. We also made fully qualified domain names more... | Vulnerability | | |
| Acunetix | 2021-01-19 08:47:11 | Scanning Authenticated Web Assets with the Login Sequence Recorder | Most web applications and websites require some form of authentication – either as a whole or in an area. Many web vulnerability scanners struggle with such authenticated web assets. While some scanners are able to detect standard authentication forms and mechanisms, in the case of... | Vulnerability | | |
| Acunetix | 2020-12-18 10:03:03 | Acunetix update introduces support for macOS Big Sur, support for ShadowRoot, improved CSRF token handling, and new vulnerability checks | A new Acunetix update has been released for Windows and Linux: 13.0.200911154, and macOS: 13.0.201217092. This Acunetix update introduces support for macOS Big Sur, ShadowRoot, and includes a substantial improvement in the handling of CSRF tokens. It also introduces the detection of web cache poisoning... | Vulnerability | | |
| Acunetix | 2020-12-03 08:39:48 | 5 Reasons Not to Rely on Bounty Programs | Congratulations! You've made the right decision to start a bounty program. Does that mean that you can maintain a secure posture without a web vulnerability scanner and manual penetration tests? And if not, why not? Many companies are jumping on the bounty program bandwagon and... | Vulnerability | | |
| Acunetix | 2020-11-30 08:42:42 | Are You Keeping Up with Web Application Security? | Opinion: Almost every business that has computers buys an antivirus solution. However, relatively few businesses that have their own websites buy vulnerability scanners. I believe that most people don't buy solutions to protect their web applications not because they don't feel that it's necessary but... | Vulnerability | | |
| Acunetix | 2020-11-26 21:56:17 | Scanning a Google OAuth 2.0 Web Application | One of the most important qualities of a professional web application vulnerability scanner is the ability to reach every part of the web application, including the protected areas. While many scanners struggle with this, Acunetix supports several authentication mechanisms and offers an easy way to... | Vulnerability | | |
| Acunetix | 2020-11-19 09:07:45 | How To Benchmark a Web Vulnerability Scanner? | You've made the right decision to improve your web application security stance and perform regular web application scanning. However, there are several renowned web vulnerability scanners on the market and you have to choose one. How do you do that? As a first step, you... | Vulnerability | | |
Last update at: 2024-05-19 17:08:07