How Much Web Security is Enough?

A good web application security environment is one that balances security with convenience. Nothing more and nothing less; just the security that’s needed to keep things reasonably in check. But just how much is enough? All too often I see websites and applications with too little security while others have too much – namely “security […]

Recently Backdoored WordPress Plugins

In the previous article, The Rise of the Backdoored WordPress Plugins, I discussed the ever-growing threat to WordPress security in the form of compromised plugins. As promised, here are the changes made by attackers to the popular plugins WPtouch, W3 Total Cache and AddThis.

WPtouch: This backdoor is using some advanced PHP tricks. It’s masked […]

90% of US Companies Hacked!

Alarming results have been announced following a recent survey conducted by the Ponemon Research Institute and Juniper Networks. In their survey, 583 American companies were interviewed on security-related questions. The result seems to correlate with what we have been seeing in the media during the past year: hackers are nearly always successful in their […]

Using Acunetix HTTP Editor Tool

In this video we focus on the advanced penetration testing tool, HTTP Editor Tool, that is bundled with Acunetix Web Vulnerability Scanner. We begin by hacking a website using a source code disclosure vulnerability that was discovered using Acunetix Web Vulnerability Scanner and proceed to explain how we did the hack and how the HTTP […]

The Cure for Many Web Application Security Ills

One of the things I’ve learned throughout my career is that many of the problems we face in IT, security and software development can be solved if we simply turn to business leaders to see how it’s done. In particular, I’m talking about a practice called zero-based thinking. A tool that’s been around for […]

The Rise of Backdoored WordPress Plugins

It all started a few months ago when I was visiting Lester Chan’s website looking for some information about one of his plugins. Lester Chan has written a good number of very popular WordPress plugins that are used by millions of people. Some of the most popular ones are WP-PageNavi, WP-DBManager, WP-PostRatings, WP-Polls and WP-PostViews. While […]
