Articles in web security zone

There’s more to Web security than meets the eye
February 2, 2012 – 10:03 pm | No Comment

When we talk about Web security, we typically think about the common OWASP-type elements: SQL injection, cross-site scripting, passwords, encryption and the like. That’s fine but those areas can’t be our only focus. There’s so …

To validate or not, is that the question?
January 19, 2012 – 9:08 pm | No Comment

Recently, a project manager I work with asked me if I had manually validated a set of security flaws I uncovered during a web security assessment. The flaws in question were related to the server …

The critical Web-based systems that are going untested and unsecured
January 5, 2012 – 8:51 pm | No Comment

I recently participated in a webinar aimed at helping physical security professionals, corporate security managers and others responsible for both physical and logical security. This is an area of security that doesn’t get near the …

Securing FTP Running on Your Web Server
December 23, 2011 – 7:39 pm | No Comment

I’ve had several questions from clients recently on how they can secure FTP running on their web servers. The easy and short-sighted response would be “Are you nuts? You need to run FTP on …

Good Web Security Tools and Why They Matter
December 14, 2011 – 9:31 pm | No Comment

Like chemists, carpenters and doctors, those of us working in IT need good tools if we’re expected to do a good job. When dealing with application security, good security testing tools will always set the …

Why You Need Intruder Lockout
December 1, 2011 – 11:11 pm | No Comment

It’s a very predictable web security flaw — in fact, it’s something I find in the majority of my web security assessments: the lack of intruder lockout on login pages. I know, with all the …

Don’t Forget Your Marketing Website Security
November 9, 2011 – 10:37 pm | No Comment

I recently read about a marketing agency that experienced a security breach and subsequent defacement of its customers’ websites. Apparently their developers had misconfigured the web server and unknowingly gave the whole world access to …

Why people violate security policies
November 2, 2011 – 9:30 pm | One Comment

Many organizations have a formal set of information security policies covering everything from acceptable internet usage to security in software development to web application security. In fact, it’s hard to come across a business today …

Not All Web Vulnerability Scans Are Created Equal
October 27, 2011 – 9:10 pm | No Comment

Recently a client of mine sent over the results of a web vulnerability scan that one of their customers had run against their production web environment. My client was curious why the results of this …

VIDEO: How Cross-Site Scripting (XSS) Works
October 12, 2011 – 9:30 pm | 5 Comments

XSS vulnerabilities (Cross-Site Scripting vulnerabilities) are often overshadowed by their big cousin, the infamous SQL Injection. This does not make them any less effective or deadly. XSS and SQL Injection attacks are similar in the …