How to scan an HTTP password protected area

There are 2 types of password protected areas. HTTP password protected areas: these are generally managed by the web server, and the user is prompted with a password dialog. Form-based restricted areas: this type of authentication is handled by the web application, and the credentials are requested using a web form. This article explains how to […]


Analysing the latest trends in web application attacks

A recent study by a leading web application security vendor has highlighted some interesting statistics about web application attacks. Some of the findings examined below should enable web security practitioners to better anticipate, identify and act against cyber threats. Threat Growth One of the unsurprising news items is that web application attacks have increased in […]


Critical Drupal SQL Injection vulnerability

Drupal has released a HIGHLY CRITICAL security advisory for its latest version of the popular content management system, urgently advising users to update to Drupal 7.32 or install a patch to fix the vulnerability. The vulnerability, reported by Stefan Horst from SektionEins GmbH, allows for unauthenticated users to gain full control of the database, and to […]


Recommendations for TLS/SSL Cipher Hardening

Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are widely used protocols designed to secure the transfer of data between the client and the server through authentication, encryption and integrity. Contrary to common assumptions, TLS/SSL is not only a widely used technology in websites and web applications (using the HTTP protocol), […]


10 tips to secure your Apache installation

Apache is one of the most popular web servers. As of September 2014, it is used to host 55.7% of the top 1 million websites. It is also often described as one of the most secure web servers. In this article, I shall describe some configuration changes that will harden your Apache’s configuration. Ensure that […]
