Cookie Overdose

One of our customers recently reported that some parts of his site were not properly crawled by our scanner (Acunetix Web Vulnerability Scanner). Upon investigation, I found the cause of the problem. When a specific page was visited, a cookie with a random name and a large value was set. This page had many parameters and the crawler had […]

Read More →

Network Vulnerability Assessment Gotchas to Avoid

There’s a saying that experience is something you don’t get until just after you need it. It’s so true, especially in the context of information security and, specifically, network security testing. If you have any experience running vulnerability scans, you’ve no doubt been down that road with me. You know, the one where you scan […]

Read More →

How to Close Unused Open Ports

One of the checks done in a network scan by Acunetix Online Vulnerability Scanner (OVS) is a TCP and UDP port scan. Any open ports detected during the scan will be reported as shown in the screenshot. In this particular scan, these ports have been detected as being open on the server: 80, 1027, 135, […]

Read More →

Heartbleed – A Bigger Threat Than Meets the Eye

The Heartbleed Bug took the world by storm the moment the vulnerability became public. Heartbleed Bug is a serious vulnerability in the widely used OpenSSL cryptographic library. This weakness allows theft of data resident in the server’s memory, which generally comprises SSL/TLS encrypted information, including the server’s SSL private keys. According to Netcraft’s April 2014 […]

Read More →

E-commerce: The Real Cost of Convenience

The e-commerce business has been growing exponentially for the past 10 years. Hundreds of thousands of businesses have moved online and millions of users have taken their shopping to the Internet. During this rush, everyone seems to ignore security, as a concept and requirement. E-commerce businesses focus on uptime, ease of use and aesthetics when […]

Read More →

The TweetDeck Worm: How it Worked

TweetDeck is a very popular Twitter application (with 23% market share as of June 2009). The application was acquired by Twitter on May 25, 2011. On Wednesday, the user @derGeruhn, exploited a stored XSS (cross-site scripting) vulnerability in the TweetDeck application and created a worm that affected 82,138 Twitter users and forced them to retweet […]

Read More →