
Archive for June, 2016

McAfee Configuration Control

For those who cannot join us for the full-day training session, please see the summary and highlight clip for the event.

For further information, please contact us or visit our website at http://www.e-spincorp.com

Immunity Innuendo

For those who cannot join us for the full-day training session, please see the summary and highlight clip for the event.

For further information, please contact us or visit our website at http://www.e-spincorp.com

SecurityCenter Continuous View

For those who cannot join us for the full-day training session, please see the summary and highlight clip for the event.

For further information, please contact us or visit our website at http://www.e-spincorp.com

McAfee Application Data Monitor

For those who cannot join us for the full-day training session, please see the summary and highlight clip for the event.

For further information, please contact us or visit our website at http://www.e-spincorp.com

E-SPIN_Acunetix-Advanced

For those who cannot join us for the full-day Acunetix Advanced training session, please see the summary and highlight clip for the event.

For further information, please contact us or visit our website at http://www.e-spincorp.com

SolarWinds UDT

For those who cannot join us for the end user and channel partner product seminar session, please see the summary and highlight clip for the event.

For further information, please contact us or visit our website at http://www.e-spincorp.com

Acunetix_Advanced_Integration_Development

Experienced users of Acunetix Web Vulnerability Scanner (WVS) will know that its spider, or crawler, depends on being able to detect a link (or hidden link); only then can it perform correct and accurate application security testing. Remember, it can't crawl what is not linked.

The key challenges remain custom web applications and RESTful web services, where the way a web application or a web service is structured does not provide the crawler with links or references that would allow it to crawl the entire application.

For instance, if the page '/secret_admin' (in a custom-developed web app) is not linked from anywhere in the site structure of the website or web application being crawled, it will never be picked up by the crawler, and what isn't crawled can't be scanned because the scanner simply does not know the page exists.

This is even more common when you test RESTful web services that do not use a WADL definition. A WADL definition is a description of the web service (like WSDL is to SOAP) and when supplied to Acunetix WVS, it eliminates the need for crawling.

So Acunetix WVS version 10 onward introduces the ability to import results from its own HTTP Sniffer (.SLG) as well as from external tools such as Portswigger Burp Suite (Burp Suite XML), Telerik Fiddler (.SAZ) and any tool that can export an HTTP Archive file (.HAR). This gives pentesters in particular the option to extend their manual testing workflow and automate more of the advanced security testing process, leaving more time and focus for discovering logical vulnerabilities.

The same applies to business logic testing: you can crawl and scan complex business-logic-driven applications by consuming Selenium IDE test cases and continuing the workflow inside Acunetix Web Vulnerability Scanner.

This support for and integration with 3rd party tools extends the reach of advanced users and opens up more possibilities for manual application security testing.
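To make the coverage gap described above concrete, the following added example (not Acunetix code, and not from the original post) compares a HAR capture of a manual browsing session with the URLs a link-following crawl reported, and lists the endpoints only the capture knows about. The host names, the sample capture and the crawl list are constructed, and the function names are hypothetical; only the standard HAR `log.entries[].request` fields are assumed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a minimal HAR 1.2 capture of a manual browsing session.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/"}},
    {"request": {"method": "GET", "url": "https://app.example.test/login?next=%2F"}},
    {"request": {"method": "GET", "url": "https://app.example.test/secret_admin"}},
    {"request": {"method": "POST", "url": "https://app.example.test/api/orders/42"}},
    {"request": {"method": "GET", "url": "https://app.example.test/secret_admin#top"}},
    {"request": {"method": "GET", "url": "https://cdn.example.net/lib.js"}},
]}})

# Constructed sample: URLs a link-following crawl of the same site reported.
SAMPLE_CRAWL = ["https://app.example.test/", "https://app.example.test/login"]


def _key(url):
    """Reduce a URL to (host, path), ignoring query string and fragment."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


def har_requests(har_text):
    """Yield (method, url) for every entry in a HAR document."""
    for entry in json.loads(har_text).get("log", {}).get("entries", []):
        req = entry.get("request", {})
        if req.get("url"):
            yield req.get("method", "GET").upper(), req["url"]


def uncrawled_endpoints(har_text, crawled_urls, target_host):
    """Return sorted (method, path) pairs seen in the capture on target_host
    whose path the crawler never reported."""
    crawled = {_key(u) for u in crawled_urls}
    missing = set()
    for method, url in har_requests(har_text):
        host, path = _key(url)
        if host == target_host.lower() and (host, path) not in crawled:
            missing.add((method, path))
    return sorted(missing)


if __name__ == "__main__":
    for method, path in uncrawled_endpoints(SAMPLE_HAR, SAMPLE_CRAWL, "app.example.test"):
        print(f"{method:5} {path}  (in capture, not reached by crawl)")
```

Endpoints in the result are the ones that would stay unscanned unless the capture is imported into the scanner.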

Another key area of concern is developing custom vulnerability tests for custom-built or in-house web applications or portal applications. This can be achieved by making use of the Acunetix command line interface, XML export, Vulnerability Editor and Acunetix SDK to develop your very own custom vulnerability test.

E-SPIN has been actively promoting and supporting Acunetix since version 4. Over those years of support, E-SPIN has gained insightful first-hand experience from consulting work and from integration work for the SDLC and 3rd party tools: scanning, vulnerability exploit testing, validation, WAF integration, etc. E-SPIN is pleased to conduct a special Acunetix Advanced hands-on workshop training for existing experienced Acunetix users, security professionals and penetration testers on how to extend it for advanced usage scenarios and contexts.

For more about the advanced training and its content, please follow the event link for details.

goo.gl/78MZrH