I was reviewing the most recent SANS @RISK Consensus Security Vulnerability Alert and it reminded me of how easy it is to get caught up in the big stuff and overlook the seemingly innocuous when performing Web security assessments. The @RISK alert lists 69 unique Web-related flaws across numerous platforms. The flaws run the gamut […]
Mention “the cloud” and many who are not heavily involved in the preparation and creation of internet-based resources will turn their heads skyward. To be fair, cloud computing can be a difficult concept to grasp even for those who work within the IT industry because it is something we can’t see or even access in […]
Everywhere we turn in the recent weeks we are reading articles, blog posts and social media updates about frustrations consumers are having with Adobe products. This comes in light of the Kaspersky Lab report titled “Information Security Threats In the First Quarter of 2010″ indicating that Adobe products are the number one choice for hackers […]
On the 4th of July 2010 YouTube users began complaining that their videos had been hijacked, the comments section of their videos seemed to be most severely affected, many complained that old comments vanished and new comments could not be added. Others reported that offensive messages were popping up on their screen or scrolling horizontally in large fonts and striking colors. Some users also seemed to suggest that there were experiencing page redirects, often to sites promoting pornographic content.
Acunetix Web Vulnerability Scanner placed first in a paper released by Adam Doup´e, Marco Cova, and Giovanni Vigna from the University of California, Santa Barbara. In the paper “Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners”, the authors compared the capalities of eleven black box web security scanners (both commercial and open […]
Acunetix will be exhibiting at the OWASP AppSec US 2010 in California. The event will take place between 7th and 10th of September 2010. The event will be held at UC Irvine Conference Center, in Irvine, California. For more details about the OWASP AppSec conference click here.
Recently over 100,000 Apple customers were affected by an information gathering attack on the AT&T website. Security experts blame this breach on “poorly designed software”. An analysis of the attack reveals that the hackers did indeed use a classic attack, in fact…
Looking to hop aboard the Web vulnerability scanning bandwagon to see just how vulnerable your Web site or application really is? Well, not so fast. Here are some signs you’re not ready to begin just yet: 1. You don’t have any desired outcomes from your scanning other than a PDF report you can share with […]
As I watch the debacle unfold in what is quickly becoming widely known as one of the worlds worst environmental disasters – I watch with interest the actions of Mr. Hayward – the CEO and point man for the BP Company. Since I’ve been working on my Executive MBA for the past year, leadership and its attributes […]
Why are Web applications out of the loop when it comes to contingency planning? Look at any given security incident response or disaster recovery plan (assuming they even exist) and chances are business critical Web applications and related systems are missing. At least that’s what I’m seeing. So let me get this straight, Web applications […]