SQL injection attacks are also often referred to as SQL malware. Like local and remote file inclusion attacks, an SQL injection attack inserts a malicious script into a website’s code. In this case, a web page that is using a tool like MySQL to query…
A practical guide to dealing with Google’s Malware Warning
Have you ever been cruising the web, minding your own business, when your browser suddenly freezes your search and your pages start lighting up like you have tripped some terror alert color scheme gone mad? What if it’s your very own web site that is…
10 great ways to get hacked in the New Year
It’s that time of year for us to get inundated with all those Top 10 lists to help us achieve this, prevent that and so on. Those lists are valuable indeed, especially if you need some motivation to get your year started off on the…
Acunetix WVS Version 7 build 20101216 released
An updated build of Acunetix WVS Version 7 was released, featuring further improvements to the DOM XSS checks and addressing a number of bugs. New features: DOM XSS will now report the filename in which the attack was executed; DOM XSS checks on document.open, window.open, window.navigate…
Google Changes Malware Warnings
As expected, Google has changed their process when they detect malware or ‘malicious’ content on websites. As reported today on CNET: ‘Google search results warn of compromised sites’ Google is now adding new links into the search results: ‘Starting today, Google search users should start…
Which scan policy should you use to find everything that matters?
If only Web application security were black and white. We could simply load our scanner without thinking anything through, enter the URL, click Scan, generate a report of issues for someone else to address and be done with it. Sadly I think some people do…
Google XSS Flaw in Website Optimizer Scripts explained
This week thousands of system administrators who make use of Google products will open their inbox to see an email from Google explaining that their Web Optimizer product contains an XSS flaw that allows hackers to inject scripts into their Google Optimized web pages.
Acunetix WVS v7 build 20101206 automatically checks for DOM XSS
The new build of Acunetix Web Vulnerability scanner Version 7 checks for DOM based XSS vulnerabilities. Unlike the traditional cross-site scripting vulnerability, document object model based cross-site scripting (DOM XSS) vulnerability is a type of vulnerability which affects the script code in the client’s browser. …
Statistics from a phisher’s list
Yesterday night I was following some security related forums and some person posted a phishing kit for a popular bank from Romania. A phishing kit is a collection of scripts to help a script kiddie launch a phishing exploit and steal data such as credit…