Understanding SQL Injection

SQL injection attacks are also often referred to as SQL malware.  Like local and remote file inclusion attacks, an SQL injection attack inserts a malicious script into a website’s code.  In this case, a web page that is using a tool like MySQL to query and manipulate a database through SQL (Structured Query Language) is […]

Read More →

What Is SEO Poisoning and What Does It Mean to You

SEO poisoning is a sophisticated attack that is being perpetrated on a daily basis.  Basically, the hacker includes a script (in apache config, in your WordPress blog, htaccess, etc.) that says, if the incoming user agent = googlebot, etc. SEND THEM here. If it’s not, display that site. So, in our customer’s example, all of […]

Read More →

Acunetix WVS Version 7 build 20101216 released

An updated build of Acunetix WVS Version 7 was released, featuring further DOM XSS checks improvements and addresses a number of bug fixes. New features: DOM XSS will now report the filename in which the attack was executed DOM XSS checks on document.open, window.open, window.navigate and more Bug fixes: Fixed: Aborting analysis while executing events […]

Read More →

Google Changes Malware Warnings

As expected, Google has changed their process when they detect malware or ‘malicious’ content on websites.  As reported today on CNET: ‘Google search results warn of compromised sites’ Google is now adding new links into the search results: ‘Starting today, Google search users should start seeing a new hyperlink warning that says “This site may […]

Read More →

DOM based Cross-site Scripting vulnerabilities

While a traditional cross-site scripting vulnerability occurs on the server-side code, document object model based cross-site scripting is a type of vulnerability which affects the script code in the client’s browser. DOM or the document object model is a way scripts can access the structure of a page in which they reside, and is used […]

Read More →

Acunetix WVS v7 build 20101206 automatically checks for DOM XSS

The new build of Acunetix Web Vulnerability scanner Version 7 checks for DOM based XSS vulnerabilities.  Unlike the traditional cross-site scripting vulnerability, document object model based cross-site scripting (DOM XSS) vulnerability is a type of vulnerability which affects the script code in the client’s browser.  To read and learn more about DOM based Cross-site scripting […]

Read More →