
5/26/2009
06:14 PM
Dark Reading
Products and Releases

Acunetix Upgrades Web Application Security Scanner

Acunetix WVS 6.5 performs file upload forms vulnerability checks; also features new Login Sequence Recorder and Session Auto Recognition functionality

London, 20th May 2009 - Acunetix (www.acunetix.com), a pioneer in web application security scanning technology, has announced new 'file upload forms vulnerability checks' in version 6.5, an industry first and the only Web Vulnerability Scanner to scan web applications for this type of vulnerability. Robert Abela, Technical Manager at Acunetix, said: "Modern and dynamic web applications allow users to upload images, videos, avatars and other types of files, which could lead to a number of new security issues. The more functionality provided to the end users, the more web developers are automatically opening new security holes which malicious users take advantage of. The new version of Acunetix WVS is specifically designed to help in securing modern web applications."

Other key features available with the latest version of Acunetix Web Vulnerability Scanner are the new Login Sequence Recorder, Session Auto Recognition functionality and improved cookie and session handling.

With the new Login Sequence Recorder and Session Auto Recognition module, Acunetix WVS can automatically log in to a wider range of authentication forms using different authentication mechanisms, while with the improved cookie and session handling, Acunetix WVS is now able to scan a broader range of dynamic web applications effectively.

With this new set of features, Acunetix Web Vulnerability Scanner adapts easily and makes scanning of modern web applications an easy task, thus saving enterprises valuable time and money. It also helps in preventing hacker attacks, like the ones launched earlier this year against the Kaspersky support website and the Twitter website. "Hackers are taking advantage of the broad functionality modern web applications provide to the end user. They can bypass file upload forms security checks to upload harmful files, which later can be used to compromise a web server or a legitimate user's computer. Acunetix Web Vulnerability Scanner helps web masters and developers check for vulnerabilities before web applications are available to the public, or before a malicious user finds them," added Abela.

Acunetix Web Vulnerability Scanner ensures website and web application security by automatically checking for SQL injection, cross-site scripting and other vulnerabilities. It also scans AJAX and other Web 2.0 technologies for vulnerabilities, analyses sites against the Google Hacking Database (GHDB), and gives you detailed reports that enable businesses to meet legal and regulatory compliance requirements. Acunetix WVS also features other advanced tools that permit fine-tuning and help with manual security audits of web application security checks.

Acunetix Web Vulnerability Scanner is available in four editions: a Free edition, a Small Business edition, an Enterprise edition for businesses operating more than 1 website, and a Consultant edition.

The Free edition of Acunetix Web Vulnerability Scanner can be downloaded from: http://www.acunetix.com/cross-site-scripting/scanner.htm

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of work by a team of highly experienced security developers. Acunetix is a privately held European company. For more information please visit: www.acunetix.com

Useful Links

File upload forms vulnerabilities whitepaper: http://www.acunetix.com/websitesecurity/file-upload-vulns.htm

Acunetix Web Security Blog: http://www.acunetix.com/blog

Press Contact

Robert Abela [email protected] Tel.: +356 23168000

 
