While I try and not to be so graphic with my comments, I can’t help but feel CSI-esque lately with all of these website hacker attacks. So here we go again. This time, its CITI. Just reported today by marketwatch.com, Citigroups stock sank significantly based…
Looking past layer 7
When it comes to Web security why is it we always seem to focus on layer 7 only? Sure, it can be argued that XSS, SQL injection, flawed application logic and so on are the big deal items in any given Web system. But who…
Statistics from the top 1,000,000 websites
Note: This article refers to an older version of Acunetix. Click here to download the latest version. The next version of Acunetix Web Vulnerability Scanner (version 7), will contain a much more improved HTTP stack. While testing, we wanted to test the new HTTP stack…
Acunetix WVS Version 6.5 build 20100111 released
An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks and bug fixes. New security checks: Test for File Upload IIS bug filename.asp;.jpg Test for WP-Forum 2.3 vulnerabilities JBoss rmi ping (network script) Bug Fixes: Bugfix: Modified…
Rockyou gets rocked by hackers and old exploit
Well, it has happened. This time, the users themselves have taken action against rockyou.com for their inadvertent disclosure of customer information. Hacker activity has meant Rockyou disclosed what looks like over 32,000,000 accounts. Yes, 32 Million! What is interesting about this case, for me anyways,…
An In-Depth Look at SQL Injection
SQL injection attacks are one of the most common techniques hackers use to access secure information from web servers to carry out illegitimate activities. This hacking technique also demonstrates how vulnerable systems are on not just the insecure ports and other firewall protected fronts, but…
Acunetix WVS Version 6.5 build 20091215 released
An updated build for Acunetix WVS Version 6.5 has been released with a number of improvements, bug fixes, and a number of new security checks. New security checks: JBoss BSHDeployer MBean JBoss checks from RedTeam’s paper JBoss HttpAdaptor JMXInvokerServlet JBoss Server MBean JBoss ServerInfo MBean…
AcuSensor, curl and Zen Cart
Recently we’ve released a new build, build number 20091124. This build includes a new AcuSensor check named “curl_exec() url is controlled by user”. This new check will verify if the user can control the URL passed to curl_exec. In case you are not familiar with curl, below is…
Changes coming to the OWASP Top 10 in 2010
In the spirit of improving Web application security worldwide the folks at OWASP have released the OWASP Top 10 2010 “release candidate”. It’s currently open for comments and scheduled for final release the first quarter of next year. The biggest change you’ll see in this…