How to avoid web supply chain attacks

In early 2021, attackers infiltrated SolarWinds software used by thousands of major businesses and organizations worldwide. This allowed malicious parties to access data owned by not just SolarWinds but everyone who used the SolarWinds solution. Such attacks are called supply chain attacks and yes, they...
Sensitive data exposure – how breaches happen

The term sensitive data exposure means letting unauthorized parties access stored or transmitted sensitive information such as credit card numbers or passwords. Most major security breaches worldwide result in some kind of sensitive data exposure. Exploiting an attack vector such as a web vulnerability is...
Ad-hoc scanning is not enough

A web vulnerability scanner is usually perceived as an ad-hoc tool. Initially, all vulnerability scanners were such tools and current open-source web application security solutions still follow that model. However, with a major increase in the complexity and availability of web technologies, the ad-hoc model...
Are you afraid of security testing in the SDLC?

Opinion: DevOps are simply afraid of trying something new. They are used to Selenium tests that hog the pipelines and provide hard-to-interpret results but at the same time they often shun DAST testing, which is nowhere near as troublesome. Recently, I had an interesting discussion...
5 Major Benefits of Early Security Testing

It is no secret that early security testing is beneficial. However, do you know how advantageous it is and what are the potential consequences of the lack of early testing? Here are 5 top benefits of early security testing along with the risks of late...
How to Defend against Recent Attacks on Microsoft Exchange

The latest update of Acunetix Premium introduces a check for the primary Microsoft Exchange vulnerability that enables currently ongoing attacks. Microsoft warns against an organized criminal group known as Hafnium performing mass attacks against government and private entities, primarily in the United States. Initial reports...
World Software Giant Selects Acunetix DAST+IAST for SDLC Testing

It is a common myth that early testing in the SDLC should be based on SAST and passive IAST tools. This myth has been repeated often by sources that do not follow the developments of web application security and are unaware of the evolution of...
Frequently Asked Questions about Acunetix

Will Acunetix remove vulnerabilities from my web application just as my antivirus does? Web application security vulnerabilities are very different from malware. They are programming bugs – introduced by the application creators themselves, not by malicious parties. Therefore, the only way to remove them is...
WAF Security – Getting the Most out of Your Web Application Firewall

Web application firewalls (WAFs) are one of many web application security solutions at your disposal. Unfortunately, buyers often don’t understand their purpose and treat them as a direct replacement for other classes of tools, for example, web vulnerability scanners such as Acunetix. The two classes...
Vulnerability Scanning Tools – Why Not Open-Source?

With the immense popularity of open-source software such as Linux, WordPress, or Magento, you might wonder why the situation is so different in the world of web application security. Let’s try to compare open-source vulnerability scanners with commercial solutions and it will soon be clear...