Security for WordPress Under Attack again

As widely reported in the past few days, major hosting operations such as GoDaddy, Verisign, Bluehost and others are being subjected to coordinated attacks on WordPress and ZendCart installations. At this point, while everyone sorts out the mess, it is unclear how all of them are being affected (opinion is 50/50 that is from […]

CRLF Injection Attacks and HTTP Response Splitting

The CRLF Injection Attack (sometimes also referred to as HTTP Response Splitting) is a fairly simple, yet extremely powerful web attack. Hackers are actively exploiting this web application vulnerability to perform a large variety of attacks that include cross-site scripting (XSS), cross-user defacement, poisoning of the client’s web cache, hijacking of web pages, defacement and a myriad […]

The road to glory, from XSS to Root on apache.org

On the 9th of April 2010, the Apache.org infrastructure suffered a direct and targeted attack on the server hosting the Apache issue-tracking software, Atlassian JIRA. This is the second major compromise the Apache Software Foundation has suffered in less than a year; last August, the main Apache Foundation website was also hacked. The attackers crafted an […]

Acunetix WVS Version 6.5 build 20100407 released

An updated build of Acunetix WVS Version 6.5 has been released. This build includes a number of bug fixes.

Bug Fixes:

- Fixed: Login Sequence Recorder was not using client certificates when recording a login sequence
- Fixed: Login Sequence Recorder was not using the configured User Agent string
- Fixed: HTTP Sniffer was not handling some specific […]

Fighting Web flaws is futile

Do you ever find yourself driving down the road in an unfamiliar place and you get that gut feeling that you’re headed in the wrong direction? Well, I feel that’s exactly where we are with application security – heading in the wrong direction. First off, with application security, most things are reactive: “Let’s just get […]

Malware Survey Data – Customer Perspective

One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we’ve written quite a lot about customer-specific impacts when they are infected… The ‘results’ run the gamut of 1000s of dollars of losses over time, loss of SEO […]
