On the 5th of December 2011, the Pittsburgh chapter of ISACA will be hosting a one-day “Information Technology Audit & Control” Conference, with Acunetix reseller Jacadis — specialists in network and web security — as one of the gold corporate sponsors for the event aimed at IT auditors,…
Don’t Forget Your Marketing Website Security
I recently read about a marketing agency that experienced a security breach and subsequent defacement of its customers’ websites. Apparently their developers had misconfigured the web server and unknowingly gave the whole world access to change any and all content at will. What interested me…
Why people violate security policies
Many organizations have a formal set of information security policies covering everything from acceptable internet usage to security in software development to web application security. In fact, it’s hard to come across a business today that doesn’t have at least a policy or two in…
Not All Web Vulnerability Scans Are Created Equal
Recently a client of mine sent over the results of a web vulnerability scan that one of their customers had run against their production web environment. My client was curious why the results of this third-party scan were different from my findings just a few…
What Exactly Does Web Site Security Mean?
We hear a lot about Web Site Security but what exactly does that mean to you? Whether it’s for personal or business use, ensuring your web presence is represented by a safe website can have a deep impact on your online success. In fact, creating and…
Common Website Security Flaws and What They Mean
Having a successful online presence is hard enough. Throwing some website security-related terms into the mix makes it all the more difficult, especially if you’re not a technical person or computer security guru. Although some folks in IT intentionally make web vulnerabilities difficult to understand…
Acunetix to Be Exhibited at Globaltek 2011
Acunetix WVS will be exhibited at the 2011 Globaltek Security Conference — held on the 26th of October 2011 at the Hotel Dann Carlton in Bogotá, Colombia. Entry to the conference is free of charge, and the topics covered are guaranteed to be of interest to both…
PHP Security Directive: Your Website is Showing PHP Errors
With the display_errors PHP configuration directive enabled, untrusted sources can see detailed web application environment error messages which include sensitive information that can be used to craft further attacks. Attackers will do anything to collect information in order to design their attack in a more sophisticated way…
VIDEO: How Cross-Site Scripting (XSS) Works
XSS vulnerabilities (Cross-Site Scripting vulnerabilities) are often overshadowed by their big cousin, the infamous SQL Injection. This does not make them any less effective or deadly. XSS and SQL Injection attacks are similar in the way they inject malicious code. The difference is that an…