How to Avoid the Google Blacklist

In the ‘old days’ – around 4 to 6 years ago, when the Google Blacklist was less of a news item – hackers were primarily interested in stealing customer data from websites. They would cause absolute havoc after breaking in, stealing anything from customer credit card details, usernames, addresses and other details to perpetrate identity fraud, […]

Acunetix WVS Version 7 build 20110209 released

An updated build of Acunetix WVS Version 7 was released. With this new build, you can generate PCI 2.0 compliance reports and CWE/SANS top 25 reports. The Input Fields feature was also enhanced, and now it supports wildcards and prioritization of input fields. New features: PCI 2.0 compliance report template; CWE/SANS top 25 compliance report […]

General Facts and Figures on Web Hacking

Facts about Web Application Hacking: Verizon Business conducted a 2009 study of 90 Web data breaches. The results of this study were presented in The Data Breach Investigative Report (DBIR) and included the following facts and figures: 285 million data records were exposed in the 90 data breaches, the equivalent of 9 exposures each second. […]

I wouldn’t want to be a developer these days

Are you a software developer? If so, I don’t envy you.  Of all the possible positions working in and around IT, you’ve arguably got the toughest one. I’ve witnessed it over the years while performing my own security assessments as well as hearing about it from friends and colleagues who are developers. You’ve literally got […]

Cross-site Scripting

One of the most common forms of Web application vulnerability is Cross-site Scripting.  This security vulnerability allows attackers to implant malicious scripts into websites.  The scripts will execute in the browsers of visitors to the site, within the hosting website security zone.  This provides the script with the correct privilege level to access and modify […]

The Threat of Directory Traversal Attacks

Understanding Directory Traversal: One of the critical functions of a secure Web server is controlling access to restricted directories. HTTP exploit attacks circumvent Web server security and use malicious software to access the content of restricted directories. Directory Traversal is one such HTTP vulnerability. The goal of a Directory Traversal attack is to execute commands […]

Top 10 Most Critical Web Application Attacks

The Web application community is served by an organization called OWASP (the Open Web Application Security Project). OWASP is a non-profit global organization that focuses on providing information to help improve Web application security. OWASP has developed an awareness document called the OWASP Top Ten. This document lists the most critical Web application security flaws. […]

Acunetix WVS Version 7 build 20110124 released

An updated build of Acunetix WVS Version 7 has been released. In this build we introduced a new Cross-site scripting security check and also fixed a number of bugs. New security check: New type of XSS test introduced (parameter was set to javascript:…). Bug Fixes: Fixed: Scanner crash when scanning https sites with client […]
