Heartbleed – A Bigger Threat Than Meets the Eye

The Heartbleed Bug took the world by storm the moment the vulnerability became public. The Heartbleed Bug is a serious vulnerability in the widely used OpenSSL cryptographic library. This weakness allows theft of data resident in the server’s memory, which generally includes information normally protected by SSL/TLS encryption, including the server’s SSL private keys. According to Netcraft’s April 2014 […]

E-commerce: The Real Cost of Convenience

The e-commerce business has been growing exponentially for the past 10 years. Hundreds of thousands of businesses have moved online and millions of users have taken their shopping to the Internet. During this rush, everyone seems to ignore security, both as a concept and as a requirement. E-commerce businesses focus on uptime, ease of use and aesthetics when […]

The TweetDeck Worm: How it Worked

TweetDeck is a very popular Twitter application (with 23% market share as of June 2009). The application was acquired by Twitter on May 25, 2011. On Wednesday, the user @derGeruhn exploited a stored XSS (cross-site scripting) vulnerability in the TweetDeck application and created a worm that affected 82,138 Twitter users and forced them to retweet […]

Analysis of an Intrusion: DOS Attack

What is DOS? Denial of Service (DOS) attacks are a type of malicious activity aimed at disrupting the availability of a server or service so it can no longer deliver its functionality. Such attacks are motivated either politically (e.g. rival countries or rival parties), financially (e.g. to incapacitate a competitor), in protest (e.g. by activists […]

Acunetix WVS v9.5 Build 20140602 – New Security Tests

Each Acunetix WVS update generally includes new vulnerability tests or an improvement to existing checks. This post summarizes the new security tests added in the latest Acunetix WVS update. Cross Domain Data Hijacking: A website is vulnerable if an attacker can create/upload a malicious Flash (SWF) file or control the top part of any page. Acunetix WVS includes […]

Getting Back to Basics with Web Security

It’s usually the simple things in life that create the most problems – we’ve all learned this universal law the hard way. Be it slick tires when driving in the rain, that extra decimal point when doing our taxes, or a bad Ethernet patch cable that’s discovered after hours of computer troubleshooting, it seems that […]

Patching Servers is Not Enough

Patches and vulnerabilities: Patches are pieces of code designed to fix ‘bugs’, enable additional functionality or address security flaws in operating systems and applications. Timely installation of patches on web servers and applications is generally recognized as critical to the success of website availability and security, especially considering the speed at which exploits are discovered. […]