Web Security Tip of the Week: Understanding Why WordPress has Vulnerabilities

Did you know that if a system has an IP address or a URL, then it’s fair game for attack from a hacker? That’s been the universal law and it always will be. So why is it that WordPress security …

Don’t Let Problems Stop You From Carrying Out Web Application Testing

Web security assessment success is directly related to the amount of preparation you do up front before you run a single web application test. It’s the 80/20 Rule: the 20 percent time and effort you put into planning for the assessment will represent …

The Consequences of Having a Hacked Website

Cybercrimes are at an all-time high, with hackers and identity thieves making a living from selling private or corporate data. If you have a hacked website, it can have far-reaching repercussions, especially if your website databases include your …

Windows Short (8.3) Filenames - A Security Nightmare?

Each time you create a new file on Windows, the operating system also generates an MS-DOS-compatible short file name in 8.3 format, to allow MS-DOS-based or 16-bit Windows-based programs to access files which have a long name. You can see these …

Do You Scan with Network Security Controls Enabled or Disabled?

As application security professionals, we want to get as much as possible out of our security assessments. We’re not only expected to, but we’re proud of our work and want to provide the best results and most value possible. As …

6.5 Million LinkedIn Hacked Passwords

LinkedIn, one of the biggest professional social networks, has suffered a major breach of its user password database. The attack was confirmed on Wednesday afternoon by Vicente Silveira, Director at LinkedIn, and was followed by an apology to the affected …

Web Security is Still a Problem...but It's Not What You Think

Since I first got involved with information security, I’ve been a strong proponent of focusing on the common sense basics. We all know what needs to be done, yet I see fundamental web security problems in practically every assessment I …

Using Acunetix Web Vulnerability Scanner as a Proxy Server

Among the many advanced penetration testing tools provided, Acunetix Web Vulnerability Scanner (WVS) offers you the HTTP Sniffer tool. With the HTTP Sniffer you can capture, trap, analyze and even modify any HTTP traffic that the sniffer is listening to, e.g. …

Mac Malware Underscores Why You Can’t Ignore Web Security Threats

Looks like the Mac is finally getting what’s been coming: malware. And lots of it just recently with the Flashback infection that apparently impacted up to 700,000 Macs. We’ve all heard it from the Mac bigots: One of the main …

Web Application Firewalls and the False Sense of Security They can Create

Web Application Firewalls (WAFs) are an excellent last line of defense. Based on what I see in my testing, they’re great at blocking both automated scans and granular exploits like Cross-Site Scripting and SQL injection. I recommend WAFs to clients …