How scanners find vulnerabilities

DAST vulnerability scanners are not that different from virus scanners. In both cases, the goal of the software is to find something out of the ordinary in the target. A virus scanner scans a computer’s local resources and storage to find potentially malicious software. A...
How To Benchmark a Web Vulnerability Scanner?

You’ve made the right decision to improve your web application security stance and perform regular web application scanning. However, there are several renowned web vulnerability scanners on the market and you have to choose one. How do you do that? As a first step, you...
DevSecOps with Acunetix – The Human Factor

The old-school DevOps model, where the security team works in a silo, separated from agile development teams, introduces a lot of tensions. With such an organization, developers often perceive security analysts as the “bad cops” who make their life difficult. On the other hand,...
5 reasons why web security is important to avoid ransomware

Ransomware has been a source of major problems for many organizations in recent years. Many of them, aware of this situation, attempt to concentrate their efforts on protecting themselves against this class of threats. This often means that they shift their budgets away from web...
Would the Real IAST Please Stand Up?

Opinion: The term Interactive Application Security Testing (IAST) is probably the vaguest in the world of application security testing. Any tool that extends beyond the traditional DAST or SAST model may use it – and many do. However, I feel that only AcuSensor truly deserves...
What Is the R.U.D.Y. Attack

R.U.D.Y. (R-U-Dead Yet) is a denial-of-service attack tool. Unlike most DoS and DDoS attack tools, the R.U.D.Y. attack tool uses Layer 7 (it is an application layer attack). The attack technique of the R.U.D.Y. tool is very similar to the Slowloris attack. It uses slow...
Web Application Security Testing in an Agile Software Development Life Cycle – A Technical Case Study

We’ve teamed up with Acme Corporation (name changed for privacy and security reasons) to bring you a very detailed look at how a medium-sized business managed to successfully include web security testing in their SDLC processes. Before introducing Acunetix, Acme had major problems with web...
What Top Web Attacks Can We Expect in the New OWASP Top 10?

The latest edition of the Open Web Application Security Project Top Ten was released in 2017, four years after the previous one. Therefore, we can expect that the new version of this cybersecurity report will be out sometime next year. Let us have a look...
SAST Teaches How to Go Around Problems, Not Fix Them

Opinion: SAST tools have one advantage – they point the developer to the root cause of the problem. However, this is also a major disadvantage. They don’t teach the developer about the consequences. They don’t teach the developer how to avoid making mistakes. As a...
What Is Forced Browsing

Forced browsing, also called forceful browsing, is an attack technique against badly protected websites and web applications, which allows the attacker to access resources that they should not be able to access. Such resources may contain sensitive information. Forced browsing is a common web application...