Cyber Threats vs Vulnerabilities vs Risks

It’s common for terms such as cyber threats, vulnerabilities and risks to be conflated and confused. This post aims to define each term, highlight how they differ and how they are related to one another. Cyber Threats Cyber threats, or simply, threats refer to circumstances or events with the potential to cause harm by way of

Cross-site Flashing (XSF) WordPress Vulnerability, Unpatched and Exploitable

WordPress, the content management system powering north of 28% of websites on the Internet, is certainly no stranger to providing timely security patches to its hundreds of millions of users when security researchers report them. This time however, things took a slightly different turn — Enguerran Gillier, a security researcher discovered and disclosed a Cross-site

Acunetix Security Hardening Guide

The following guide provides a series of recommendations for improving the security (“hardening”) of your Acunetix On Premise installation. 1. Update to the current version It is recommended that you always run the latest version of Acunetix. Additionally, Acunetix periodically publishes updates, which may include fixes for known security vulnerabilities. By default Acunetix is set

REST API Security Testing with Acunetix

RESTful (or simply, REST) APIs and web services are continually becoming a core part of modern web applications thanks to the simplicity, scalability and flexibility they provide. Security vulnerabilities in REST APIs expose the same risks as traditional websites and web applications; however, some characteristics of REST APIs make it challenging for automated web security scanners

DAST vs SAST: A Case for Dynamic Application Security Testing

For anyone new to the alphabet soup of application security industry lingo, fear not, it’s easy to wrap one’s head around. DAST (Dynamic Application Security Testing) is a black-box security testing methodology in which an application is tested from the outside in by examining an application in its running state and trying to attack it

The difference between Vulnerability Assessment and Penetration Testing

Many information security professionals are familiar with the terms “vulnerability assessment” and “penetration testing” (“pentest” for short). Unfortunately, in many cases, these two terms are incorrectly used interchangeably. This post aims to clarify the differences between vulnerability assessment and penetration testing, demonstrate that both are integral components of a well-rounded vulnerability management program, and discuss when

What is Black-box Security Testing?

Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside in, with little or no prior knowledge of the application’s internal workings. Essentially, black-box testing takes an approach similar to that of a real attacker. Since black-box security testing

Using Client Certificates in Acunetix

In most TLS handshakes, the client authenticates the server; therefore, the client knows that the server is who it says it is, but the server doesn’t know much about the client. In most cases, this is fine — authentication via credentials is enough in many cases, however, some web applications require that the client also

How to enable Email Notifications in Acunetix On Premise

While Acunetix provides us with a real-time dashboard and scan results, sometimes you may simply want to be notified when an event that requires your attention occurs, for example, when a scan completes. In Acunetix On Premise, you’ll need to configure an SMTP server that will be used to deliver these notifications. Note – In

Issue Tracker Integration with Acunetix

An issue tracker such as Atlassian JIRA, GitHub or Microsoft TFS is a powerful and essential tool in the Software Development Life Cycle (SDLC) of almost any software project. It helps development teams streamline collaboration and manage their work without getting lost in an endless stream of emails and PDF reports. It is therefore a