
Posts Tagged ‘Web Vulnerability Scanner’


E-SPIN is delighted to announce the release of Acunetix Vulnerability Scanner version 10. The new version includes an improved Login Sequence Recorder for automatic scanning of login-protected pages, extends support for Java Frameworks, Ruby on Rails and WordPress security scanning, and can use input from various web development and pen-testing tools.

New in Acunetix Vulnerability Scanner v10

  • ‘Login Sequence Recorder’ has been re-engineered from the ground-up to allow restricted areas to be scanned entirely automatically.
  • Now tests for over 1200 WordPress-specific vulnerabilities in the WordPress core and plugins.
  • Acunetix WVS Crawl data can be augmented using the output of: Fiddler .saz files, Burp Suite saved items, Burp Suite state files, HTTP Archive (.har) files, Acunetix HTTP Sniffer logs, Selenium IDE Scripts.
  • Improved support for Java Frameworks (Java Server Faces (JSF), Spring and Struts) and Ruby on Rails.
  • Increased web services support for web applications which make use of WSDL based web-services, Microsoft WCF-based web services and RESTful web services.
  • Ships with a malware URL detection service, which is used to analyse all the external links found during a scan against a constantly updated database of Malware and Phishing URLs.


Continuing E-SPIN's long-standing tradition, two rounds of technology briefings on what is new will be held on the following dates, entirely free of charge and fully sponsored by E-SPIN for existing channel partners and end users.


    • 28 July 2015 (Tuesday): Channel reseller partner track, open to reseller partners who want to understand what is new and the related go-to-market (GTM) channel support activities. Resellers interested in attending, please click here for registration.

Eventbrite - E-SPIN Complementary Acunetix 10 Technical Overview (Reseller Track)

    • 29 July 2015 (Wednesday): End user track, open to end user companies that want to understand what is new and the related benefits of adoption, and to prepare for migration and upgrade. End users interested in attending, please click here for registration.

Eventbrite - E-SPIN Complementary Acunetix 10 Technical Overview (End User Track)

Contact us with any inquiry about the event or for product information.

Acunetix is also updating the features in the online version of the product (Acunetix OVS). The new version includes automated scanning of login-protected pages and extends support for Java Frameworks, Ruby on Rails and WordPress security scanning.

Modified Pricing Modules
Pricing for Acunetix WVS Enterprise and Consultant licenses has been changed. Licensing models are now limited to:

  • Enterprise 2 concurrent scans (perpetual and subscription)
  • Consultant 5 concurrent scans (perpetual and subscription)
  • Consultant 10 concurrent scans (perpetual and subscription)

Please note that:

  • Small Business Edition will no longer be supported
  • Both the Enterprise and Consultant licenses will include one year of free maintenance. Contact E-SPIN for further details.


Acunetix Web Vulnerability Scanner v9.5.x

Officially known as CVE-2014-6271, this vulnerability, cordially termed ShellShock, has been assigned the highest CVSS score of 10, a score that the notorious HeartBleed did not achieve. The high score is more than warranted. The vulnerability is very easy to exploit, allowing pretty much every script kiddie to take control of a vulnerable server and execute arbitrary code.

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell. The vulnerability was first disclosed on 24 September 2014. Many Internet daemons and services, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands, for example to gain unauthorised access to a computer system.

Acunetix has already been updated to identify web servers vulnerable to ShellShock. The next time you start the latest version of Acunetix WVS, you will be prompted to install an update, which includes detection of ShellShock.

If you are interested in knowing more about how it impacts business infrastructure, and how the solutions E-SPIN carries can help to resolve the case, please feel free to contact E-SPIN officers across the region.


Acunetix APAC Manager business visit E-SPIN Malaysia business centre

Acunetix APAC Region Sales Manager business visit E-SPIN Malaysia business center

Acunetix, developer of the famous Acunetix Web Vulnerability Scanner (WVS), an automated and advanced manual web application security testing/penetration testing tool that audits your web applications by checking for exploitable hacking vulnerabilities, was represented by Robert Padovani, APAC Regional Sales Manager, on a visit to one of the E-SPIN Business Centers, located in Malaysia, last Friday (4 Oct 2013).

Vincent Lim, Group General Manager of E-SPIN Group of Companies, and the members of staff welcomed the Acunetix visit, since it symbolizes a step forward in consolidating the business relationship between both organizations. Robert shared Acunetix's latest profile, insightful product information and the latest corporate licensing. Vincent, on behalf of the company, thanked Acunetix for the visit and for being an active web application security product contributor to the E-SPIN Vulnerability Management solution portfolio, which includes a full range of best-of-breed vulnerability management, security audit and penetration testing.

Both parties are carrying out local reference site, customer and partner office visits. E-SPIN will organize an Acunetix version 9 product briefing for reseller channel partners and end users at a coming date.


Acunetix version 9

Acunetix Web Vulnerability Scanner has recently launched the new version 9. It comes with a lot of handy features, from HTML5 and mobile site support to the new AcuMonitor service for better detection of hard-to-detect Blind XSS vulnerabilities, and many more.

Please go through the new features overview video below for some feature highlights.

E-SPIN is distributing the new version 9 installer to all customers with active maintenance support. Accompanying it are guide articles on how to perform a new installation (screenshot guide) and how to back up the configuration when upgrading from a previous version.

Acunetix version 9 new installation SOP

FAQ How Can I Backup My Acunetix WVS Settings

How To Upgrade from Previous version of Acunetix Web Vulnerability Scanner


As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists.
Hackers are concentrating their efforts on web-based applications – shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.
Firewalls, SSL and locked-down servers are futile against web application hacking!
Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers.

Acunetix – a worldwide leader in web application security
Acunetix has pioneered web application security scanning technology: its engineers have focused on web security since as early as 1997 and have developed an engineering lead in website analysis and vulnerability detection.
Acunetix Web Vulnerability Scanner includes many innovative features:

AcuSensor Technology

  • An automatic client script analyser allowing for security testing of Ajax and Web 2.0 applications
  • Industry’s most advanced and in-depth SQL injection and Cross site scripting testing
  • Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
  • Visual macro recorder makes testing web forms and password protected areas easy
  • Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
  • Extensive reporting facilities including VISA PCI compliance reports
  • Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
  • Intelligent crawler detects web server type and application language
  • Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
  • Port scans a web server and runs security checks against network services running on the server


Tenable Network Security, Inc., the leader in Unified Security Monitoring (USM), today announced the availability of the Nessus® 5.0 vulnerability scanner. The new version of the industry’s most widely deployed vulnerability and configuration assessment solution enhances usability, policy creation, efficiency, and communication.

“Version 5.0 builds on the solid foundation Nessus has established for quality and accuracy, and now makes it easier and faster to install and use.”

Nessus 5.0 delivers top-line business benefits by introducing enhancements that streamline and optimize each of the major phases of the vulnerability and configuration assessment process. Specific benefits include:


  1. Streamlined startup – New installation wizard and web interface ensure Nessus 5.0 is up-and-running, completely configured in minutes.
  2. Rapid policy creation – More than two dozen new plugin filters make it fast and easy to create policies for targeted scans. Selecting multiple filter criteria, such as, vulnerability publication date, public vulnerability database ID, information assurance vulnerability alert (IAVA), and more, makes it simple to identify easily-exploitable vulnerabilities.
  3. Industry-leading efficiency – Real-time scan results combined with on-the-fly filtering allow users to quickly see risk level and act upon vulnerability data without waiting for the scan to complete. One-click navigation makes it easy to jump from critical vulnerability to vulnerable host to the details of the vulnerability. Five severity levels quickly separate informational data from actionable results.
  4. Fully customizable reports – Multiple filters, results management, and new pre-configured report formats allow users to produce targeted reports tailored to fit the needs/interests of executives, systems administrators, and auditors. Users can also combine multiple report templates into a single, comprehensive report, which can be delivered in a variety of formats, including PDF.

LCE Version 4 introduces several new enhancements that speed results, optimize workflow, and improve system reliability including:

  1. Event Processing Speeds in Excess of 30,000 events per second give network, security, and compliance teams near-instant visibility, pinpointing threats and misconfiguration.
  2. ‘Smart’ Load Balancing goes beyond simple “round robin” server switching capabilities by automatically targeting new or underutilized servers when workloads increase. Users can dynamically add new instances of LCE that will aggressively accept workloads until it has caught up with its peers.
  3. Enhanced Event Full-text Search allows LCE users to identify specific events and network based activity by rapidly sifting through mountains of log data. 

These updates, along with additional functionality enhancements embedded in LCE Version 4. This integration delivers two key business benefits:

  1. Cost Savings: Integration between log correlation and vulnerability management improves operational efficiency and reduces costs by eliminating the need for a standalone log management solution that requires additional staffing and financial resources.
  2. Rock-Solid Security: The integration of log correlation data with vulnerability intelligence results in streamlined compliance, faster and more reliable attack mitigation and detection, and deeper intelligence and reporting on existing and emerging risks.

If you want access to the full details of the above information, please feel free to subscribe to our free newsletter and get access to the professional reading book: database security. The article caters for vulnerabilities, threats, and compliance data, delivering real-time network vulnerability intelligence and threat correlation.

For more information please visit

http://e-spincorp.com/espinv3/index.php/tenable-network-security

 

 

 
