<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:media="http://search.yahoo.com/mrss/" xmlns:georss="http://www.georss.org/georss">
  <channel>
    <image>
      <title>ReleaseWire</title>
      <url>http://media.releasewire.com/photos/show/?id=68004&amp;size=small</url>
      <link>http://www.releasewire.com/</link>
    </image>
    <title>Acunetix - Latest Press Releases on ReleaseWire</title>
    <link>http://www.releasewire.com/company/acunetix-1412.htm</link>
    <description/>
    <language>en-us</language>
    <link xmlns="http://www.w3.org/2005/Atom" href="http://sbwire.superfeedr.com/" rel="hub"/>
    <link xmlns="http://www.w3.org/2005/Atom" href="http://feeds.releasewire.com/rss/full/company/1412" rel="self"/>
    <item>
      <title>Cross-Site Scripting ranks first in top security risks</title>
      <link>http://www.releasewire.com/press-releases/release-3.htm</link>
      <description><![CDATA[<div class="newsleft"><div class="newsbody"><p class="subheadline">Acunetix calls for regular website auditing to guard against attackers’ new preferred flaw</p><p>London, England, UK  -- (<a rel="nofollow" href="http://www.releasewire.com/">ReleaseWire</a>) -- 09/19/2006 --  In recent years, buffer overflows topped the list as the most popular vulnerability used by hackers to compromise websites. However, the latest report from Mitre Corp., a US government funded research organization, clearly indicates that hackers are moving away from acts of vandalism to the more lucrative exploits of data theft.  In fact, Cross-Site scripting and SQL Injection are now the most preferred hacking techniques used by hackers since these vulnerabilities allow access to such data as credit card details.<br />
<br />
The Common Vulnerabilities and Exposures (CVE) project by Mitre reported that, of the 4375 security issues catalogued in the first nine months of 2006, web-related flaws have captured the top three spots: 21.5 percent of the CVEs were cross-site scripting (XSS) vulnerabilities; 14 percent SQL Injection and 9.5 percent PHP "includes". Buffer overflows came fourth, at 7.9 percent.<br />
<br />
The increasing popularity of XSS bugs indicates that attackers are concentrating more on programming languages typically used for Web applications, such as Java, .Net and PHP. Buffer overflows, on the other hand, affect executable files written in languages such as C.<br />
<br />
Assessing the security of a website<br />
<br />
This increase in Web-based flaws stems directly from the simplicity of exploiting such vulnerabilities as XSS, and the enormous number of web applications freely available. In general, websites with such web applications as shopping carts, forms, login pages and dynamic content are always a prime target for attack. This is because web applications require open and direct access to backend databases to function properly. If improperly coded, these common applications become easy gateways to social security numbers, credit card details and even medical records. <br />
<br />
About Acunetix Web Vulnerability Scanner<br />
<br />
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. Furthermore, Acunetix protects against the embedding of Javascript malware in a web-page through its JavaScript Analyzer. Such protection secures all AJAX applications. Acunetix WVS also checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. <br />
<br />
Acunetix provides free audit to help companies determine the security of their websites<br />
<br />
Enterprises who would like to have their website security checked can register for a free audit by visiting www.acunetix.com/security-audit. Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.<br />
<br />
About Acunetix <br />
<br />
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a>; <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.de" href="http://www.acunetix.de">http://www.acunetix.de</a>.<br />
<br />
All product and company names herein may be trademarks of their respective owners.<br />
<br />
For more information:<br />
Please email Tamara Borg: tamara@acunetix.com<br />
Acunetix Ltd: Tel: (+44) 0845 6126712, Fax: (+44) 0845 6126716<br />
URL: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a>.<br />
<br />
</p><p>For more information on this press release visit: <a rel="nofollow" href="http://www.releasewire.com/press-releases/release-3.htm">http://www.releasewire.com/press-releases/release-3.htm</a></p></div><h2>Media Relations Contact</h2><p>Tamara Borg<br />Acunetix<br />Telephone: +356 2316 8000<br />Email: <a rel="nofollow" href="http://www.releasewire.com/press-releases/contact/8168">Click to Email Tamara Borg</a><br />Web: <a rel="nofollow" href="http://www.acunetix.com">http://www.acunetix.com</a><br /></div>]]></description>
      <pubDate>Tue, 19 Sep 2006 09:17:12 -0500</pubDate>
      <guid>http://www.releasewire.com/press-releases/release-3.htm</guid>
    </item>
    <item>
      <title>Hackers Steal 19,000 Personal Customer Details from AT&amp;T Online Store</title>
      <link>http://www.releasewire.com/press-releases/release-3.htm</link>
      <description><![CDATA[<div class="newsleft"><div class="newsbody"><p class="subheadline">Acunetix calls for regular website auditing to guard against the loss of personal sensitive data through web vulnerabilities</p><p>London, England UK -- (<a rel="nofollow" href="http://www.releasewire.com/">ReleaseWire</a>) -- 09/06/2006 --  Last weekend, hackers pilfered the personal data of nearly 19,000 DSL equipment customers through a vulnerability in AT&amp;T&apos;s online store. The affected site was shut down within hours of the attack being launched. In a statement, AT&amp;T attributed the motive of the attack to a criminal market for illegally obtained personal information. In fact, the data also included customers&apos; credit card details.<br />
<br />
To date, AT&amp;T has not provided details about how the site was hacked; however, some unconfirmed reports attribute it to the website being vulnerable to Cross Site Scripting (XSS).<br />
<br />
This attack did not come without cost to AT&amp;T.  The company notified each customer by e-mail and is now working with law enforcement officials to track down the hacker. AT&amp;T committed to pay for credit monitoring services to protect those customers purchasing Digital Subscriber Line (DSL) equipment online from possible fraud.<br />
<br />
Assessing the security of a website<br />
<br />
Websites with web applications such as shopping carts, forms, login pages and dynamic content, in general, are always a prime target for attack. To function fully, web applications require open and direct access to backend databases: if improperly coded, web applications become easy gateways to social security numbers, credit card details and even medical records. Hackers experiment heavily with a wide variety of techniques to lay their hands on this type of data since the pay-offs are enormous. <br />
<br />
Acunetix WVS protects against these attacks including Cross Site Scripting and SQL Injection vulnerabilities. Furthermore, Acunetix protects against the embedding of Javascript malware in a web-page through its JavaScript Analyzer.  Such protection secures all AJAX applications.<br />
<br />
An automated check of AT&amp;T&apos;s website (using Acunetix WVS) could have prevented this attack and saved the company from denting its reputation and the subsequent loss of customer trust. <br />
<br />
Acunetix provides free audit to help companies determine the security of their websites<br />
<br />
Enterprises who would like to have their website security checked can register for a free audit by visiting www.acunetix.com/security-audit. Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.<br />
<br />
About Acunetix Web Vulnerability Scanner<br />
<br />
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. <br />
<br />
About Acunetix <br />
<br />
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a>; <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.de" href="http://www.acunetix.de">http://www.acunetix.de</a>.<br />
<br />
All product and company names herein may be trademarks of their respective owners.<br />
<br />
For more information:<br />
Please email Tamara Borg: tamara@acunetix.com<br />
Acunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.<br />
URL: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a><br />
<br />
</p><p>For more information on this press release visit: <a rel="nofollow" href="http://www.releasewire.com/press-releases/release-3.htm">http://www.releasewire.com/press-releases/release-3.htm</a></p></div><h2>Media Relations Contact</h2><p>Tamara Borg<br />Acunetix<br />Telephone: +356 2316 8000<br />Email: <a rel="nofollow" href="http://www.releasewire.com/press-releases/contact/7947">Click to Email Tamara Borg</a><br />Web: <a rel="nofollow" href="http://www.acunetix.com">http://www.acunetix.com</a><br /></div>]]></description>
      <pubDate>Wed, 06 Sep 2006 09:19:51 -0500</pubDate>
      <guid>http://www.releasewire.com/press-releases/release-3.htm</guid>
    </item>
    <item>
      <title>Rivalry between Media Websites Results in Netscape Being Hacked Via an XSS Attack</title>
      <link>http://www.releasewire.com/press-releases/release-3.htm</link>
      <description><![CDATA[<div class="newsleft"><div class="newsbody"><p class="subheadline">Acunetix scans for Cross-Site Scripting vulnerabilities preventing website defacement</p><p>London, UK -- (<a rel="nofollow" href="http://www.releasewire.com/">ReleaseWire</a>) -- 07/28/2006 --  Netscape.com, an online social media website, has been hacked through a cross-site scripting (XSS) vulnerability in their recently launched news service. It is reported that the attack was launched by fans of Digg.com, a competing social networking website. The hackers used the XSS vulnerability to inject their own JavaScript code into the homepage and other pages on the site. <br />
<br />
The hack was discovered by Finnish security vendor F-Secure during its research work around cross-site scripting vulnerabilities on social networking sites. Digg fans used cross-site scripting attacks to display JavaScript pop-up alerts with "comical" messages aimed at redirecting visitors to their site. Fortunately no malicious code was injected. Netscape released a statement yesterday afternoon stating that the vulnerability had been patched and that visitors are once again safe.<br />
<br />
Acunetix Web Vulnerability Scanner automatically audits web applications and checks whether these applications are secure from exploitable vulnerabilities to such hack attacks as cross site scripting. Although Netscape has now fixed the flaw, an automated check of Netscape&apos;s website (using Acunetix WVS) could have prevented this attack and saved the company from denting its reputation and the subsequent loss of customer trust. Furthermore, hackers could have injected code aimed at stealing personal customer data rather than defacement. Most hackers, nowadays, attack websites because of the payoff from stealing such sensitive data as credit cards and social security numbers.<br />
<br />
Acunetix provides free audit to help companies determine the security of their websites<br />
<br />
Enterprises who would like to have their website security checked can register for a free audit by visiting www.acunetix.com/security-audit. Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.<br />
<br />
About Acunetix Web Vulnerability Scanner<br />
<br />
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. <br />
<br />
About Acunetix <br />
<br />
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a>; <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.de" href="http://www.acunetix.de">http://www.acunetix.de</a>.<br />
<br />
All product and company names herein may be trademarks of their respective owners.<br />
<br />
For more information:<br />
Please email Tamara Borg: tamara@acunetix.com<br />
Acunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.<br />
URL: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a><br />
<br />
</p><p>For more information on this press release visit: <a rel="nofollow" href="http://www.releasewire.com/press-releases/release-3.htm">http://www.releasewire.com/press-releases/release-3.htm</a></p></div><h2>Media Relations Contact</h2><p>Tamara Borg<br />Acunetix<br />Telephone: +356 2316 8000<br />Email: <a rel="nofollow" href="http://www.releasewire.com/press-releases/contact/7336">Click to Email Tamara Borg</a><br />Web: <a rel="nofollow" href="http://www.acunetix.com">http://www.acunetix.com</a><br /></div>]]></description>
      <pubDate>Fri, 28 Jul 2006 10:12:47 -0500</pubDate>
      <guid>http://www.releasewire.com/press-releases/release-3.htm</guid>
    </item>
    <item>
      <title>Acunetix Partners with Advanced Research Technologies in Japan to Defend Against Web Hacking Attacks</title>
      <link>http://www.releasewire.com/press-releases/release-3.htm</link>
      <description><![CDATA[<div class="newsleft"><div class="newsbody"><p class="subheadline">Partnership with popular distributor introduces Acunetix Web Vulnerability Scanner to Japanese Companies</p><p>London, UK and Yokohama, Japan -- (<a rel="nofollow" href="http://www.releasewire.com/">ReleaseWire</a>) -- 07/26/2006 --  Acunetix Ltd., a leading web security software company focused on helping enterprises secure their web applications, today announced a distribution agreement with Advanced Research Technologies, Inc. (ART). The agreement introduces Acunetix Web Vulnerability Scanner to the Japanese market. <br />
<br />
"Applications that are available via the Web can fall prey to numerous new and disruptive hacking techniques," said Yasunobu KUDO, CEO and founder of ART. "Through the extensive features of the Acunetix Web Vulnerability Scanner, our goal is to ensure that business and customer data is never compromised. Our partnership with Acunetix will benefit Japanese companies tremendously."<br />
<br />
"We are very pleased to partner with ART," noted Kevin J. VELLA, Vice President Sales and Operations for Acunetix. "Japan is a very important market to us and ART is the ideal gateway because of its deep knowledge of web security.  We are confident their strong reseller, VAR and system integrator channels, are also the best way to introduce Acunetix WVS to Japanese companies."  <br />
<br />
About Acunetix Web Vulnerability Scanner<br />
<br />
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. <br />
<br />
About Acunetix <br />
<br />
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a>; <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.de" href="http://www.acunetix.de">http://www.acunetix.de</a>.<br />
<br />
About Advanced Research of Technologies, Inc. (ART)<br />
<br />
Advanced Research of Technologies, Inc. (Japanese name: Sentan Gijutsu Kenkyusho) imports, markets and distributes computer and communication products into the Japanese market. The company has worldwide business networks with the United States, Europe, and Israel, and is managed by professional partners with a variety of experience in different technologies, industries and markets. The company has close relationships with OEMs, resellers, VARs, systems and network integrators, Internet service providers, and large enterprise groups based on its own differentiated technical support systems. The company has headquarters in Yokohama, Japan. For more information, please visit <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.ART-Sentan.co.jp" href="http://www.ART-Sentan.co.jp">http://www.ART-Sentan.co.jp</a>.<br />
<br />
All product and company names herein may be trademarks of their respective owners.<br />
<br />
For more information:<br />
Advanced Research of Technologies, Inc. (ART)<br />
Tel: +81 45-978-1292<br />
Email: KHB16427@nifty.ne.jp<br />
URL: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.ART-Sentan.co.jp" href="http://www.ART-Sentan.co.jp">http://www.ART-Sentan.co.jp</a><br />
<br />
Acunetix Ltd<br />
Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.<br />
Email: Tamara Borg: tamara@acunetix.com<br />
URL: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a>.<br />
<br />
</p><p>For more information on this press release visit: <a rel="nofollow" href="http://www.releasewire.com/press-releases/release-3.htm">http://www.releasewire.com/press-releases/release-3.htm</a></p></div><h2>Media Relations Contact</h2><p>Tamara Borg<br />Acunetix<br />Telephone: +356 2316 8000<br />Email: <a rel="nofollow" href="http://www.releasewire.com/press-releases/contact/7289">Click to Email Tamara Borg</a><br />Web: <a rel="nofollow" href="http://www.acunetix.com">http://www.acunetix.com</a><br /></div>]]></description>
      <pubDate>Wed, 26 Jul 2006 12:12:24 -0500</pubDate>
      <guid>http://www.releasewire.com/press-releases/release-3.htm</guid>
    </item>
    <item>
      <title>Web Applications: A Chink in Your Armor?</title>
      <link>http://www.releasewire.com/press-releases/release-3.htm</link>
      <description><![CDATA[<div class="newsleft"><div class="newsbody"><p class="subheadline">Secure your web applications against SQL injection, XSS and other vulnerabilities with Acunetix WVS 4.0</p><p>London, UK -- (<a rel="nofollow" href="http://www.releasewire.com/">ReleaseWire</a>) -- 07/13/2006 --  Acunetix, a leading web security software company, today announced the release of Acunetix Web Vulnerability Scanner version 4. This latest version provides a more comprehensive solution for enterprises wanting to detect exploitable website and web application vulnerabilities such as SQL Injection and Cross Site Scripting.<br />
<br />
"This release comes at a time when hackers are launching more aggressive attacks on web applications. Some hackers have successfully compromised the websites of large companies such as Microsoft and Paypal and even accessed very personal and highly sensitive data of thousands of victims through government websites." says Nick Galea, CEO of Acunetix."<br />
<br />
Acunetix Web Vulnerability Scanner provides protection by automatically auditing the security of websites. The software crawls an entire website, launches several web attacks (SQL Injection, Cross Site Scripting, Google hacking, etc.) and identifies vulnerabilities that need to be fixed, while proposing recommendations.<br />
<br />
Web Applications: a hacker&apos;s backdoor entry to sensitive information<br />
<br />
"Increasingly, businesses are becoming aware of the importance of securing websites to prevent hackers from gaining access to sensitive customer data, through poorly designed web applications. These web applications are prone to attack because they are accessible 24x7 and receive/deliver content directly from databases containing the data," reports Galea. "Standard network security provides no protection against web application attacks since these are launched on port 80 which has to remain open to allow regular operation of the business," he adds. <br />
<br />
Chinks in the Armour<br />
<br />
78% of financial services institutions (including banks, insurers and investment professionals) were attacked by hackers in the past year, according to Deloitte&apos;s annual 2006 Global Security Survey. This is in stark contrast with only 26% reported in 2005. <br />
* In June this year, an unknown number of PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information. Hackers deceived their victims by injecting and running malicious code on the genuine PayPal website by using the Cross Site Scripting technique.<br />
* Security researcher, Yash Kadakia, announced that Cross Site Scripting and CRLF (Carriage Return Line Feed) injection vulnerabilities found in MSN and Amazon sites could be used by hackers to gain access to Amazon.com and MSN accounts, or to display a fake login page for use in phishing attacks.<br />
<br />
"The dramatic rise in web application hacks is denting online purchasing confidence and causing irreversible damage to businesses," remarks Galea.  "That is why we are offering free security audits to any business with an online presence."<br />
<br />
Acunetix WVS: New Features<br />
<br />
The new Acunetix Web Vulnerability Scanner broadens the scope of vulnerability scanning by introducing advanced and highly rigorous heuristic technologies to tackle the complexities of today&apos;s web-based environments.  <br />
<br />
Javascript / AJAX application security scanning<br />
<br />
Version 4 now adds the ability to check AJAX applications for security vulnerabilities. AJAX applications offer tremendous possibilities for extending the use of web applications, however they also require more stringent security checks. Acunetix WVS 4 now includes the industry&apos;s most advanced JavaScript analyzer to help companies keep their AJAX applications secure.<br />
<br />
Other new features include: Command Line Support, URL Rewrites, Custom Cookies Support and Enhanced Search, Scheduling, Logging and Reporting.<br />
<br />
Acunetix provides free audit to help companies determine the security of their websites<br />
<br />
Enterprises who would like to have their website security checked can register for a free audit by visiting www.acunetix.com/security-audit. Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.<br />
<br />
Pricing &amp; Availability<br />
<br />
Acunetix WVS is available as an enterprise or as a consultant version. A perpetual license to scan 1 website can be purchased for as little as $1,495, whereas a perpetual license to scan an unlimited amount of websites costs $4,995. For more information visit: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com/ordering/pricing.htm" href="http://www.acunetix.com/ordering/pricing.htm">http://www.acunetix.com/ordering/pricing.htm</a>. <br />
<br />
About Acunetix <br />
<br />
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a>; <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.de" href="http://www.acunetix.de">http://www.acunetix.de</a>.<br />
<br />
All product and company names herein may be trademarks of their respective owners.<br />
<br />
For more information:<br />
Please email Tamara Borg: tamara@acunetix.com<br />
Acunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.<br />
URL: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a><br />
<br />
</p><p>For more information on this press release visit: <a rel="nofollow" href="http://www.releasewire.com/press-releases/release-3.htm">http://www.releasewire.com/press-releases/release-3.htm</a></p></div><h2>Media Relations Contact</h2><p>Tamara Borg<br />Acunetix<br />Telephone: +356 2316 8000<br />Email: <a rel="nofollow" href="http://www.releasewire.com/press-releases/contact/7113">Click to Email Tamara Borg</a><br />Web: <a rel="nofollow" href="http://www.acunetix.com">http://www.acunetix.com</a><br /></div>]]></description>
      <pubDate>Thu, 13 Jul 2006 10:57:56 -0500</pubDate>
      <guid>http://www.releasewire.com/press-releases/release-3.htm</guid>
    </item>
    <item>
      <title>Hotmail, MSN and Amazon Susceptible to Attack via Cross Site Scripting</title>
      <link>http://www.releasewire.com/press-releases/release-3.htm</link>
      <description><![CDATA[<div class="newsleft"><div class="newsbody"><p class="subheadline">Acunetix WVS protects against the loss of sensitive personal data due to XSS attacks</p><p>London, UK -- (<a rel="nofollow" href="http://www.releasewire.com/">ReleaseWire</a>) -- 07/06/2006 --  A 16-year-old Dutch student, Adriaan Graas, interested in Internet security and web development, discovered a hack for the popular Hotmail free email service via a Cross Site Scripting attack. Microsoft is reported to have been aware of this vulnerability for over a week but, at the time of writing, has not yet fixed it.<br />
<br />
Hacking Hotmail via XSS<br />
When logging into Hotmail, a cookie is created allowing continual access of the user while within the domain. Hackers may steal such cookies and produce fakes using such tools as Proxomitron. Since Hotmail cookies are not IP-bound, hackers do not need the password or the email address of the victim for logging in and accessing personal emails and other data. Through Cross Site Scripting (XSS) the hacker inserts JavaScript code that will send the fake cookie to a Web Server with a log script and the deed is done. <br />
<br />
Vulnerabilities in MSN and Amazon left unfixed<br />
Security researcher, Yash Kadakia, frustrated by a lack of response from Microsoft and Amazon.com, has gone public with details of flaws on MSN and Amazon. Similar to the Hotmail case, Cross Site Scripting and CRLF (Carriage Return Line Feed) injection vulnerabilities found in these sites could be used by hackers to steal "cookie" data files allowing them access to Amazon.com and MSN accounts, or to display a fake login page that could be used in phishing attacks.<br />
<br />
Kadakia said he first notified Microsoft of the problem about a year ago but he wasn&apos;t taken seriously until late last week, when he posted screen shots of the flaw being exploited on his Web site. The Amazon.com flaw was discovered in December and to-date the vulnerability remains un-patched, according to Kadakia.<br />
<br />
Sanitizing Web Applications<br />
Acunetix Web Vulnerability Scanner automatically audits web applications and checks whether these applications are secure from exploitable vulnerabilities to such hack attacks as Cross Site Scripting and CRLF injection. An automated check of the Hotmail, Amazon and MSN websites (using Acunetix WVS) could pinpoint these and any other possible vulnerabilities before it is too late, saving the popular companies from undue embarrassment, loss of reputation and customer trust, and any financial losses resulting from the attack.<br />
<br />
Acunetix provides free audit to help companies determine the security of their websites<br />
Enterprises who would like to have their website security checked can register for a free audit by visiting www.acunetix.com/security-audit. Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.<br />
<br />
About Acunetix Web Vulnerability Scanner<br />
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting, CRLF injection and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. <br />
<br />
About Acunetix <br />
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a>; <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.de" href="http://www.acunetix.de">http://www.acunetix.de</a>.<br />
<br />
All product and company names herein may be trademarks of their respective owners.<br />
<br />
For more information:<br />
Please email Tamara Borg: tamara@acunetix.com<br />
Acunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.<br />
URL: <a class="extlink"  rel="nofollow noopener"  target="_blank"  title="http://www.acunetix.com" href="http://www.acunetix.com">http://www.acunetix.com</a>.<br />
<br />
</p><p>For more information on this press release visit: <a rel="nofollow" href="http://www.releasewire.com/press-releases/release-3.htm">http://www.releasewire.com/press-releases/release-3.htm</a></p></div><h2>Media Relations Contact</h2><p>Tamara Borg<br />Acunetix<br />Telephone: +356 2316 8000<br />Email: <a rel="nofollow" href="http://www.releasewire.com/press-releases/contact/6999">Click to Email Tamara Borg</a><br />Web: <a rel="nofollow" href="http://www.acunetix.com">http://www.acunetix.com</a><br /></div>]]></description>
      <pubDate>Thu, 06 Jul 2006 09:59:01 -0500</pubDate>
      <guid>http://www.releasewire.com/press-releases/release-3.htm</guid>
    </item>
  </channel>
</rss>
