How to Close Unused Open Ports

One of the checks done in a network scan by Acunetix Online Vulnerability Scanner (OVS) is a TCP and UDP port scan. Any open ports detected during the scan will be reported as shown in the screenshot. In this particular scan, these ports have been detected as being open on the server: 80, 1027, 135, […]

Heartbleed – A Bigger Threat Than Meets the Eye

The Heartbleed Bug took the world by storm the moment the vulnerability became public. The Heartbleed Bug is a serious vulnerability in the widely used OpenSSL cryptographic library. This weakness allows theft of data resident in the server’s memory, which generally comprises SSL/TLS encrypted information, including the server’s SSL private keys. According to Netcraft’s April 2014 […]

E-commerce: The Real Cost of Convenience

The e-commerce business has been growing exponentially for the past 10 years. Hundreds of thousands of businesses have moved online and millions of users have taken their shopping to the Internet. During this rush, everyone seems to ignore security, as a concept and requirement. E-commerce businesses focus on uptime, ease of use and aesthetics when […]

The TweetDeck Worm: How it Worked

TweetDeck is a very popular Twitter application (with 23% market share as of June 2009). The application was acquired by Twitter on May 25, 2011. On Wednesday, the user @derGeruhn exploited a stored XSS (cross-site scripting) vulnerability in the TweetDeck application and created a worm that affected 82,138 Twitter users and forced them to retweet […]

Analysis of an Intrusion: DOS Attack

What is DOS? Denial of Service (DOS) attacks are a type of malicious activity aimed at disrupting the availability of a server or service so it can no longer deliver its functionality. Such attacks are motivated either politically (e.g. rival countries or rival parties), financially (e.g. to incapacitate a competitor), in protest (e.g. by activists […]

Acunetix WVS v9.5 Build 20140602 – New Security Tests

Each Acunetix WVS update generally includes new vulnerability tests or an improvement to existing checks. This post summarizes the new security tests added in the latest Acunetix WVS update. Cross Domain Data Hijacking: A website is vulnerable if an attacker can create/upload a malicious Flash (SWF) file or control the top part of any page. Acunetix WVS includes […]
