Online Security Considerations when Traveling

Whenever my friends or family members tell me they’ll be travelling abroad, I always like to remind them not to overlook online security when it comes to their website or blog, especially if accessing their accounts from an unknown computer. No doubt, most travelers will, at some point in their journeys, use email, manage their websites […]

Read More →

There’s More to Web Security than Meets the Eye

When we talk about Web security, we typically think about the common OWASP-type elements: SQL injection, cross-site scripting, passwords, encryption and the like. That’s fine but those areas can’t be our only focus. There’s so much more to managing information risks that’s often overlooked. Ask any information security manager or compliance officer and they’ll likely […]

Read More →

Web Passwords are Often the Weakest Link

Of the highly-visible hacks and data breaches over the past year, a large number of them were related to criminal hackers cracking weak Web passwords. This is arguably the most common Web flaw and something that anyone can exploit at any time. The bad guys don’t want you know this, but “mad hacker skillz”are not […]

Read More →

Web Security is Like the Layers of an Onion

If you’ve ever peeled an onion, you’ve seen the multiple layers that make up its existence all the way to the core. Securing your Web presence requires the same approach and it’s called “layered security”. Also referred to as “defense-in-depth”, the layered web security approach serves as a set of hoops an attacker must jump […]

Read More →

Acunetix WVS 8 Released Candidate Now Available!

We are pleased to announce a Release Candidate (RC) of the much-awaited Acunetix Web Vulnerability Scanner, version 8. This build fixes issues that were reported during the Beta stages of development and also adds a number of improvements which boost the accuracy of checks and make the scanning process even more intuitive and user friendly. […]

Read More →

To Validate or Not, Is That the Question?

Recently, a project manager I work with asked me if I had manually validated a set of security flaws I uncovered during a web security assessment. The flaws in question were related to the server host and not the actual Web application. I actually had not manually validated every single finding in that regard. I […]

Read More →

What Does Having a Hacked Website Mean?

When someone hacks a website, what are they trying to accomplish? Some just do it for fun while others have more dangerous things in mind and even worse, financial interests. Some hackers like to show off and will maybe replace your home page with a huge announcement that says your site has been defaced. Not […]

Read More →

WordPress Version 3.3.1 released

A new version of WordPress is available for download. WordPress version 3.3.1 includes a fix for a disclosed reflected cross-site scripting vulnerability reported by Joshua H., Hoang T., Stefan Zimmerman, Chris K and the GoDaddy team. It also includes 15 other fixes for several other bugs. Even though the reflected cross-site scripting vulnerability is hard […]

Read More →

Securing FTP Running on Your Web Server

I’ve had several questions from clients recently on how they can to secure FTP running on their web servers. The easy and short-sighted response would be “Are you nuts? You need to run FTP on a dedicated server!” However, looking at it from a business perspective considering things like money, politics, business process and third-party […]

Read More →