Scanning a large website very often takes a long time. Using the default settings, Acunetix Web Vulnerability Scanner will first try to identify all the pages using various crawling techniques, and will then proceed to scan the pages that have ...
Are you ready to respond to DoS attacks at the web layer? In this article, Kevin Beaver shares an anecdote from his own experience whilst highlighting some important steps to take. First things first; responding to DoS attacks at the …
I was recently contacted by a colleague in an information security leadership position who was concerned about his developers using some third-party plug-ins for an enterprise application they were rolling out. His developers wanted to install these third-party components in …
On one end of the application security and IT audit spectrum we have people that overlook the obvious and critical stuff. But just as dangerously, on the other end of the spectrum we have people who want us to find …
Incident response is the art (and science) of responding to computer security-related breaches. Interestingly, most organizations I deal with don’t have a documented incident response plan. The last thing you want to do during and after a security breach is …
Can you believe it’s time again for those New Year’s resolutions? It’s always great to start the New Year with a fresh set of to-do items that you’re finally going to get around to doing. The problem, however, is that …
You know the saying about riding a bicycle – do it once and you’ll remember it forever? That may be true for bicycles, but it’s certainly not the case when it comes to web security testing. The tools we use …
Successful web security testing is not as simple as point and click. Unfortunately, many people treat it as such. The thought process goes something like this: 1. Load web vulnerability scanner. 2. Enter URL to scan. 3. Click Go. 4. …
A client of mine recently asked me if I had any Web development related tips for dealing with Personally Identifiable Information (PII). With this being an information security 101 type question, I had to think about it for a bit. …
You’ve heard me say that planning is half the battle with Web security assessments. I’m finding that more and more people are on board with thinking things through in advance but there’s still one area that’s not getting the attention …
Do you ever get the feeling that something’s not quite right after you’ve performed an otherwise solid web security assessment? Well, as many of us have discovered, that nagging feeling in the pit of your stomach could be something as …
