Facts about Web Hacking Verizon Business conducted a 2009 study of 90 Web data breaches. The results of this study were presented in The Data Breach Investigative Report (DBIR) and included the following facts and figures: 285 million data records were exposed in the 90…
I wouldn’t want to be a developer these days
Are you a software developer? If so, I don’t envy you. Of all the possible positions working in and around IT, you’ve arguably got the toughest one. I’ve witnessed it over the years while performing my own security assessments as well as hearing about it…
Cross-site Scripting
One of the most common forms of Web application vulnerability is Cross-site Scripting. This security vulnerability allows attackers to implant malicious scripts into websites. The scripts will execute in the browsers of visitors to the site, within the hosting website security zone. This provides the…
The Threat of Directory Traversal Attacks
Understanding Directory Traversal One of the critical functions of a secure Web server is controlling access to restricted directories. HTTP exploit attacks circumvent Web server security and use malicious software to access the content of restricted directories. Directory Traversal is one such HTTP vulnerability. The…
OWASP Top Ten Most Critical Web Application Attacks
The Web application community is served by an organization called OWASP (the Open Web Application Security Project). OWASP is a non-profit global organization that focuses on providing information to help improve Web application security. OWASP has developed an awareness document called the OWASP Top Ten….
Acunetix WVS Version 7 build 20110124 released
An updated build of Acunetix WVS Version 7 has been released. In this build we introduced a new Cross-site scripting security check and also address a number of bug fixes. New security check: New type of XSS test introduced (parameter was set to javascript:…) Bug…
AJAX Application Attacks
Understanding Ajax and JavaScript Ajax is a popular technology for Web 2.0 applications. Ajax (which is shorthand for asynchronous JavaScript and XML) is not one component, but is a group of related development techniques for Web applications. At the heart of Ajax’s functionality is the…
How often should you test your web applications?
Periodic and consistent security checks – that’s the recipe for effective Web security, right? We hear this “best practice” recommendation all the time. It’s true but what exactly does it mean? How often do you really need to test your websites and web applications? Do…
How to choose a web vulnerability scanner
A must read interview for anyone who is interested in evaluating web vulnerability scanners. In this interview we discuss the process of choosing a web vulnerability scanner and underline several factors that should be taken into consideration in the decision-making process. Which is the best…