Recommendations for TLS/SSL Cipher Hardening

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are widely used protocols designed to secure the transfer of data between a client and a server through authentication, encryption and integrity. Contrary to common assumptions, TLS/SSL is not only a widely used technology in websites and web applications ...
Cyber Threats vs Vulnerabilities vs Risks

It’s common for terms such as cyber threats, vulnerabilities and risks to be conflated and confused. This post aims to define each term, highlight how they differ and explain how they are related to one another. Cyber Threats Cyber threats, or simply threats, refer to circumstances or events with the potential to ...
Cross-site Flashing (XSF) WordPress Vulnerability, Unpatched and Exploitable

WordPress, the content management system powering north of 28% of websites on the Internet, is certainly no stranger to providing timely security patches to its hundreds of millions of users when security researchers report them. This time however, things took a slightly different turn — Enguerran Gillier, a security researcher ...
Acunetix Security Hardening Guide

The following guide provides a series of recommendations for improving the security (“hardening”) of your Acunetix On Premise installation. 1. Update to the current version It is recommended that you always run the latest version of Acunetix. Additionally, Acunetix periodically publishes updates, which may include fixes for known security vulnerabilities ...
REST API Security Testing with Acunetix

RESTful (or simply, REST) APIs and web services are continually becoming a core part of modern web applications thanks to the simplicity, scalability and flexibility they provide. Security vulnerabilities in REST APIs expose the same risks as traditional websites and web applications; however, some characteristics of REST APIs make it challenging ...
DAST vs SAST: A Case for Dynamic Application Security Testing

For anyone new to the alphabet soup of application security industry lingo, fear not, it’s easy to wrap one’s head around. DAST (Dynamic Application Security Testing) is a black-box security testing methodology in which an application is tested from the outside in by examining an application in its running state ...
The difference between Vulnerability Assessment and Penetration Testing

Many information security professionals are familiar with the terms “vulnerability assessment” and “penetration testing” (“pentest” for short). Unfortunately, in many cases, these two terms are incorrectly used interchangeably. This post aims to clarify the differences between vulnerability assessment and penetration testing, and to demonstrate that both are integral components of a well-rounded vulnerability ...
What is Black-box Security Testing?

Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside in, with little or no prior knowledge of the application’s internal workings. Essentially, black-box testing takes an approach similar to that of a real ...
Using Client Certificates in Acunetix

In most TLS handshakes, the client authenticates the server; therefore, the client knows that the server is who it says it is, but the server doesn’t know much about the client. In most cases, this is fine — authentication via credentials is enough in many cases, however, some web applications ...
How to enable Email Notifications in Acunetix On Premise

While Acunetix provides a real-time dashboard and scan results, sometimes you may simply want to be notified when an event that requires your attention occurs, for example, when a scan completes. In Acunetix On Premise, you’ll need to configure an SMTP server that will be used to deliver ...