Blind XSS: The Ticking Time Bomb of XSS Attacks

What is Blind XSS? Blind XSS is a flavor of cross-site scripting (XSS), where the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (like in a …

Lessons Learned From A Web Security Breach

There’s a lot of focus on proactive security testing, and rightly so. It’s the best way to stay out of hot water. But what happens when the going gets tough and you end up missing a vulnerability that leads to …

Application security calls for a proactive approach

Error! That’s something we don’t have much room for in application security. Yet we leave so much to chance. The only reasonable way to find the flaws that matter – and to keep up – is to use automated tools …

The Top 5 Network Security Vulnerabilities that Are Often Overlooked

Top 5 Common Network Security Vulnerabilities that Are Often Overlooked

Your network security is just as important as securing your web site and related applications. Networks, because of the sensitive data they usually give access to, are one of the most targeted public faces of an organization. Here are the …

Understanding the value of the OWASP Top 10 2013

Find out how IT security professionals can benefit from the free resources available from the OWASP Top 10 2013 List of Risks. As IT security professionals we certainly have our fair share of information available to simplify the work we …

OWASP Updated the Top 10 Web Vulnerabilities for 2013 – Should I Bother?

OWASP Updated the Top 10 List of Risks for 2013 – Should I Bother?

Last week, the OWASP team officially updated the Top 10 list of risks so as to make it relevant for the web attack vectors identified in the last three years. The OWASP Top 10 summarizes and often combines web application vulnerabilities …

Google Hacking Explained

Web Security Vulnerabilities Exposed by Google Searches (Google Hacking)

Google Hacking is a hacking technique used by hackers to identify web security vulnerabilities on web applications or gather information for general or individual targets. Mostly this information includes configuration and source code files, sensitive data, database information, etc. This …

Responding to DoS attacks at the web layer

Are you ready to respond to DoS attacks at the web layer? In this article, Kevin Beaver shares an anecdote from his own experience whilst highlighting some important steps to take. First things first; responding to DoS attacks at the …

Known vulnerabilities found in popular WordPress plugins

WordPress Caching Plugins Remote PHP Code Execution

Two very popular WordPress caching plugins, WP Super Cache (4,373,811 downloads) and W3 Total Cache (1,975,480 downloads), have been affected by a vulnerability that allows remote users to execute arbitrary PHP code. The affected versions are: WP Super Cache (version 1.2 and below, …

WordPress Attack Vectors and Open Amazon S3 Buckets Identified by Acunetix WVS

Recently there were a lot of news reports about an ongoing attack on sites using WordPress software. Attackers are using around 90,000 computers to try to brute force WordPress credentials. All these servers are trying common account names like admin, administrator, …