Understanding the value of the OWASP Top 10 2013

Understanding the value of the OWASP Top 10 2013

Find out how IT security professionals can benefit from the free resources available from the OWASP Top 10 2013 List of Risks. As IT security professionals we certainly have our fair share of information available to simplify the work we … [+]

OWASP Updated the Top 10 Web Vulnerabilities for 2013 – Should I Bother?

OWASP Updated the Top 10 List of Risks for 2013 – Should I Bother?

Last week, the OWASP team officially updated the Top 10 list of risks so as to make it relevant for the web attack vectors identified in the last three years. The OWASP Top 10 summarizes and often combines web application vulnerabilities … [+]

Google Hacking Explained

Web Security Vulnerabilities Exposed by Google Searches (Google Hacking)

Google Hacking is a hacking technique used by hackers to identify web security vulnerabilities on web applications or gather information for general or individual targets. Mostly this information includes configuration and source code files, sensitive data, database information, etc. This … [+]

Responding to DoS attacks at the web layer

Are you ready to respond to DoS attacks at the web layer? In this article, Kevin Beaver shares an anecdote from his own experience whilst highlighting some important steps to take. First things first; responding to DoS attacks at the … [+]

Known vulnerabilities found in popular WordPress plugins

WordPress Caching Plugins Remote PHP Code Execution

Two very popular WordPress caching plugins: WP Super Cache (4,373,811 downloads) and W3 Total Cache (1,975,480 downloads) have been affected by a vulnerability that allows remote users to execute arbitrary PHP code. The affected versions are: WP Super Cache (version 1.2 and below, … [+]

new-acx-build-finds-wp-vulnerabilities

WordPress Attack Vectors and Open Amazon S3 Buckets Identified by Acunetix WVS

Recently there were a lot of news reports about an ongoing attack on sites using WordPress software. Attackers are using around 90,000 computers to try to brute force WordPress credentials. All these servers are trying common account names like admin, administrator, … [+]

Did you know that there are risks associated with third-party software?

The Risks Associated with Third-Party Software Components

I was recently contacted by a colleague in an information security leadership position who was concerned about his developers using some third-party plug-ins for an enterprise application they were rolling out. His developers wanted to install these third-party components in … [+]

"Social Media Widget" Adds New Undocumented Feature – Spam Injection

“Social Media Widget” Adds New Undocumented Feature – Spam Injection

WordPress.com have removed the rather popular Social Medial Widget (nearly a million downloads) from the plugin repository. The most recent version of the plugin was found to be injecting spam messages with the social media icons on the sites using … [+]

What do you do when you can't find every web vulnerability?

What Happens when you can’t Find Every Web Vulnerability?

On one end of the application security and IT audit spectrum we have people that overlook the obvious and critical stuff. But just as dangerously, on the other end of the spectrum we have people who want us to find … [+]

Make sure if your security appliance is hackable or not with Acunetix

Is Your Security Appliance Hackable?

In the late 90’s, businesses embraced the internet; they connected their networks and servers to the internet so their data can be accessed from anywhere around the world. This was a new era that gave businesses the opportunity to grow … [+]