A groundbreaking data protection and disaster recovery solution for VMware vSphere 4 and VMware Infrastructure 3 that combines backup and replication in one product. Contact a Veeam Specialist or go to the Alliance Veeam Virtualization Solutions Center
Veeam Backup & Replication 4 offers a major breakthrough in full and incremental backup speeds. Using technological advancements within VMware vSphere 4 and the VMware vStorage APIs for data protection, Veeam customers experienced the following benefits derived from native support of thin provisioned disks and changed block tracking
Why Veeam is #1
for data protection:
•2-in-1: Backup and replication combined
•Full ESXi support with & without VCB
•Heterogeneous file-level recovery in seconds
(Windows, Linux, UNIX, BSD, etc.)
•Enterprise Management Console NEW
•Native support for vSphere NEW
•Database-consistent backup for application
recovery
•Reduced storage costs with data de-duplication
•Near-CDP replication at a fraction of the cost NEW
•Replica rollback
Veeam has developed patent-pending technology that will allow you to verify the recoverability of every backup—for every virtual machine (VM), every time. It’s the latest innovation in our SureBackup™ approach to data protection. So instead of just hoping that you can recover from a backup, you’ll actually know that you can—because you already did so as a routine part of the backup process.
The Veeam Backup and Replication software will automatically test the backup for you by directly mounting the compressed backup file, to an ESX host and verifying the backup. So now you can test every backup instead of test a couple a week.
Veeam has introduced a new technology named SureBackup. SureBackup is designed to not only use Veeam’s Backup technology to backup your virtual machines (VMs) but will also test the restoration of each of these VMs to ensure that they at least boot and at most the applications involved are actually running within the VM. This is a great improvement over current backup methodologies which consists of by hand testing of only a scant number of virtual machines to ensure restorations result in boot-able virtual machines. The full test of restorability almost always happens during a disaster situation when everyone is under a fair amount of pressure. The current backup and restoration testing follows this path: •Quiesce the virtual disk employing VSS or other technologies •Backup the virtual disk•Copy the virtual disk to offline storage (tape, blu-ray, dvd, hot-site, remote disk array, etc.) •Choose some of the VMs for by hand restoration (perhaps rotating through all VMs eventually) •Restore chosen VMs into a testing pool (by hand) •Verify that the chosen VMs boot (by hand) •Verify that the chosen VMs applications work (by hand) What is interesting is that the last 3 steps often do not happen and per backup schedule do not test ALL the virtual machines, instead a select number of them. However, this situation now changes. These last three steps may also have an additional license cost if running Microsoft Windows operating systems as the Microsoft EULA is based on running instance of the operating system which includes any restoration testing performed by hand or process. Introducing Veeam SureBackup Veeam Surebackup takes those last three steps and automates them so that every VMs restoration is tested. How much testing depends entirely on how SureBackup is configured. You can easily test to ensure all VMs restore and boot out of the box. You can also verify the integrity of certain applications out of the box. You can also add your own scripts to SureBackup to test other non-standard applications as well. Since this is an automated task, human error is no longer an issue, the process is repeatable, and best yet, all VMs are tested to ensure restoration happens properly before you need it, preventing issues during the high pressured disaster recovery situation. Veeam SureBackup can restore VMs on local systems, hot-site systems, or dedicated systems. VMs are restored into private virtual networks within specific resource pools so that your systems can be configured to lower the overall impact of restoration testing. Backups take quite a while when you have 1000s of VMs, so incrementatl backups and Change Block Tracking is available to reduce this time. Backup takes quite a bit of disk space so data and disk de-duplication can be used. Restoration testing takes personal and system resources to complete, now SureBackup can alleviate much of these resource utilizations but not licensing issues.
Can I scan a website that uses URL rewrite without specifying URL rewrite rules in Acunetix Web Vulnerability Scanner?
Submitted by Robert Abela on February 3, 2010 to the Acunetix Web Vulnerability Scanner Blog
Although it is not a suggested operation, yes, you can still scan a website which has URL rewrite enabled without specifying any URL rewrite rules in Acunetix Web Vulnerability Scanner. Unlike other scanners, Acunetix WVS will advise you once it detects that the target website has URL rewrite enabled (as shown in the below screen shot). The automatic notification can be switched off by un-ticking the option ‘Warn user if URL rewrite is detected’ from the Site Crawler settings node.
If you do not specify any URL rewrite rules in the URL Rewrite settings node, the chances are that the scan results will include a number of false positives, and some of the inputs on the target website will not be identified. Hence it will result in an incomplete and invalid scan.
If for some reason you do not want to, or cannot import the URL rewrite rules in Acunetix WVS, disabling the following security checks will help reduce the number of reported false positives and avoid infinite scan loops during a scan;
To disable the above security checks, navigate to the Configuration > Scanning Profiles node, and un-tick these tests from the scanning profile of your choice, as highlighted in the below screen shot.
NEW Veeam Backup & Replication 4 offers a major breakthrough in full and incremental backup speeds. Using technological advancements within VMware vSphere 4 and the VMware vStorage APIs for data protection, Veeam customers experienced the following benefits derived from native support of thin provisioned disks and changed block tracking:
10+ times faster for incremental backups
Up to 5 times faster for full backups
80% lower cost for near continuous data protection (CDP) compared with traditional CDP
Up to 30 percent lower storage costs
Increased reliability by leveraging the latest vStorage technology
Veeam Backup & Replication is the first enterprise-ready solution that combines backup and replication in a single product for fast recovery of your VMware ESX and ESXi environment.
Veeam offers the most innovation and value in data protection—for organizations of all shapes and sizes. With the upcoming release of Veeam Backup & Replication 5.0, Veeam will introduce a new Enterprise Edition for those who need the highest levels of automation, flexibility, and assurance. Enterprise Edition includes:
Automated recovery verification. Verify the recoverability of every backup, of every VM, every time with SureBackup™.
Universal application-item recovery. Restore individual emails, records, or objects from any virtualized application—without agents or special backups.
Archive indexing. Search for Windows guest files in current and archived backups.
Buy Veeam Backup & Replication by June 18, and upgrade to Enterprise Edition free when 5.0 is released. That’s a savings of $300 per CPU socket.
Already own Veeam Backup & Replication?
If you’re current on maintenance, you can also get Enterprise Edition free. It’s our way of saying “thank you” for being a loyal Veeam customer.
Which Vulnerabilities does Acunetix Web Vulnerability Scanner Check for?
Acunetix WVS automatically checks for the following vulnerabilities among others:
Version Check
Vulnerable Web Servers
Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.
CGI Tester
Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
Verify Web Server Technologies
Parameter Manipulation
Cross-Site Scripting (XSS) – over 40 different XSS variations are tested.
SQL Injection
Code Execution(Unix and Windows)
Directory Traversal (Unix and Windows)
File Inclusion
Script Source Code Disclosure
CRLF Injection
Cross Frame Scripting (XFS)
PHP Code Injection
XPath Injection
Full Path Disclosure
LDAP Injection
Cookie Manipulation
Arbitrary File creation (AcuSensor Technology)
Arbitrary File deletion (AcuSensor Technology)
Email Injection (AcuSensor Technology)
File Tampering (AcuSensor Technology)
URL redirection
Remote XSL inclusion
MultiRequest Parameter Manipulation
Blind SQL/XPath Injection
File Checks
Checks for Backup Files or Directories – Looks for common files (such as logs, application traces, CVS web repositories)
Cross Site Scripting in URI
Checks for Script Errors
File Uploads
Unrestricted File uploads Checks
Directory Checks
Looks for Common Files (such as logs, traces, CVS)
Discover Sensitive Files/Directories
Discovers Directories with Weak Permissions
Cross Site Scripting in Path and PHPSESSID Session Fixation.
Web Applications
HTTP Verb Tampering
Text Search
Directory Listings
Source Code Disclosure
Check for Common Files
Check for Email Addresses
Microsoft Office Possible Sensitive Information
Local Path Disclosure
Error Messages
Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell etc)
Weak Passwords
Weak HTTP Passwords
GHDB Google Hacking Database
Over 1200 GHDB Search Entries in the Database
Port Scanner and Network Alerts
Port scans the web server and obtains a list of open ports with banners
Performs complex network level vulnerability checks on open ports such as:
DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
Security and configuration checks for badly configured proxy servers
Checks for weak SNMP community strings and weak SSL cyphers
and many other network level vulnerability checks!
Other vulnerability tests may also be preformed using the manual tools provided, including:
Input Validation
Authentication attacks
Buffer overflows
Blind SQL injection
Sub domain scanning
Although it is not a suggested operation, yes, you can still scan a website which has 
