The costs of security bugs and why automated testing can help

Bugcrowd has recently released a report, accompanied by a rating taxonomy, aimed at helping researchers and customers determine appropriate payouts for bugs found by researchers in bug bounty programs. These tools, especially the Vulnerability Rating Taxonomy (VRT), which details a number of vulnerabilities classified by severity, are not only useful in the […]

What’s new in CVSS version 3

The Common Vulnerability Scoring System (CVSS) is an open standard for assessing the severity of security vulnerabilities, designed to be independent of any vendor or industry. In our previous blog post, we discussed CVSS v3 and how Acunetix provides support for it. In this post, we will be exploring CVSS […]

Cybersecurity National Action Plan: Obama Outlines Plans to Spend $19 billion on Cybersecurity

On February 9th, President Obama announced the Cybersecurity National Action Plan, including steps such as establishing a cybersecurity commission, introducing new safeguarding measures and supporting both companies and consumers in strengthening their own security. He’s also put the money where his mouth is and backed this up by reserving $19 billion of spending to implement the […]

Joomla! Security Tips: Securing Configurations

Heads up — Depending on your web server’s configuration for active extensions, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers. Prevent Directory Listing: Directory Listing occurs when the web server does not find an index file (i.e. […]

In the headlines: Malwarebytes, eBay vulnerability, NASA hack, Waitrose website holes and more

Malwarebytes found to have four vulnerabilities: Malwarebytes, a free anti-malware tool with 250 million users, has been exposed as having four vulnerabilities. The main one described involves the software fetching signature updates via unencrypted HTTP, which could allow an attacker to set up a man-in-the-middle attack. The vulnerabilities are the latest found in a number of […]
