How important is website security?

In an interview on Help Net Security, Acunetix's Product Manager Nicholas Sciberras explains why website security should be a priority in any organization. He talks about the challenges involved in auditing website security, illustrates the pros and cons of using remote vs. in-house security testing, and discusses his views on the future of web application security. Click […]


Common Network Security Assessment Oversights

Network security assessments are one of the most critical exercises performed for minimizing business risks. Your time is limited. You’ve got pressure from management to get things done. There’s so much to do and not enough time to do it. Yet, network security assessments are not something to take lightly. At a minimum, make sure […]


Making Web Security Part of your IT Governance Program

Moving past IT compliance, IT “governance” is becoming the new area of focus in enterprises today. With compliance often being a more tactical business function, IT governance tends to operate at a higher level, especially in larger organizations. Internal audit, legal, and boards of directors tend to be more involved in this governance aspect. Maybe […]


How to Block Automated Scanners from Scanning your Site

This blog post describes how to block automated scanners from scanning your website. This should work with any modern web scanner parsing robots.txt (all popular web scanners do this). Website owners use the robots.txt file to give instructions about their site to web robots, such as Google’s indexing bot. The /robots.txt file is a text file, with one or more records, […]


AcuMonitor could have Detected PayPal’s Blind XSS Vulnerability

Vulnerability-Lab, a Germany-based security research company, recently identified an application-side validation web vulnerability, which allows an attacker to inject code into his user profile. The injected code gets executed when a PayPal employee loads the user’s details on PayPal’s backend system. This type of vulnerability is better known as a Blind Cross-Site Scripting (Blind XSS) vulnerability […]
