The Threat of Directory Traversal Attacks

Understanding Directory Traversal: One of the critical functions of a secure Web server is controlling access to restricted directories. HTTP exploit attacks circumvent Web server security and use malicious software to access the content of restricted directories. Directory Traversal is one such HTTP vulnerability. The…


AJAX Application Attacks

Understanding Ajax and JavaScript: Ajax is a popular technology for Web 2.0 applications. Ajax (which is shorthand for asynchronous JavaScript and XML) is not one component, but is a group of related development techniques for Web applications. At the heart of Ajax’s functionality is the…


How to choose a web vulnerability scanner

A must-read interview for anyone who is interested in evaluating web vulnerability scanners. In this interview we discuss the process of choosing a web vulnerability scanner and underline several factors that should be taken into consideration in the decision-making process. Which is the best…


Understanding SQL Injection

SQL injection attacks are also often referred to as SQL malware. Like local and remote file inclusion attacks, an SQL injection attack inserts a malicious script into a website’s code. In this case, a web page that is using a tool like MySQL to query…


Google Changes Malware Warnings

As expected, Google has changed their process when they detect malware or ‘malicious’ content on websites. As reported today on CNET: ‘Google search results warn of compromised sites’ Google is now adding new links into the search results: ‘Starting today, Google search users should start…
