Acunetix WVS helps Digicure discover web vulnerabilities

A proper web security audit is a mixture of automated and manual tests; Acunetix WVS provides a comprehensive tool for automated testing purposes and a useful toolbox Digicure can use for manual penetration testing as well. “The most impressive thing about Acunetix Web Vulnerability Scanner must be how comprehensive the application is. It contains countless features […]

SQL Injection hits again; 168,000 personal records exposed

A hacker, who calls himself “ins3cted”, has demonstrated to Webwereld via video how by exploiting a simple SQL injection, he can retrieve 168,000 personal records from a Dutch website called Experience the OV (http://www.ervaarhetov.nl). Citizens living in the provinces of Gelderland, Overijssel and Flevoland are being encouraged to use public transport via a campaign that […]

Security usability and accessibility

Recently security and accessibility issues have become an important topic to me. Although I had always considered accessibility and more specifically usability important in my designs, since I’m now down to one active hand due to a surgery on the other hand, I am now much more sensitive to the issue of accessibility. Call a […]

Creating a Web security testing policy

If you’re reading this blog, Web security testing is undoubtedly on your radar. You may have an ongoing process for testing Web vulnerabilities, but do you actually have a policy for it? I’m all about keeping things simple with security and, when you think about it, adding more documentation, more rules, and more process often […]

Security for WordPress Under Attack again

As widely reported in the past few days, major hosting operations such as GoDaddy, Verisign, Bluehost and others are being subjected to coordinated attacks on WordPress and ZendCart installations. At this point, while everyone sorts out the mess, it is unclear how all of them are being affected (opinion is 50/50 that is from […]

CRLF Injection Attacks and HTTP Response Splitting

The CRLF Injection Attack (sometimes also referred to as HTTP Response Splitting) is a fairly simple, yet extremely powerful web attack. Hackers are actively exploiting this web application vulnerability to perform a large variety of attacks that include cross-site scripting (XSS), cross-user defacement, poisoning of client’s web-cache, hijacking of web pages, defacement and a myriad […]
