Restricting portions of a web application or directories on a web server to a small group of trusted users can greatly improve the security of a website or web application. Most web applications provide their own form-based methods for authentication, however, we can also make…
Author Archives: Ian Muscat
4 Tips to kickstart your application security effort
Securing web applications is not an easy task; especially when the application is constantly changing and business-critical. Identifying where to start could be overwhelming, especially if you’re just dipping your toes in application security. Here are four tips to help you get started. 1. Know your…
Scanning non-public web applications with Acunetix Online
The Software Development Life Cycle (SDLC) is full of challenges — developers have strict deadlines for creating functional, scalable, maintainable and testable code. What’s more, that code needs to be secure. Acunetix Online, among other features, acts as an IP vulnerability scanner and can automatically…
GoDaddy Blind XSS vulnerability – How to detect it and other Out-of-Band Vulnerabilities
Recently, security researcher Matthew Bryant discovered a blind cross-site scripting (BXSS) vulnerability in GoDaddy’s customer support portal — that is, the portal accessible only to GoDaddy customer service representatives, not customers. New post: Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS – https://t.co/uEJWPU8Y4O —…
Drupal Security: Top tips to secure your Drupal application
Drupal is a very popular Content Management System (CMS) on the Internet today. Drupal security should be at the forefront of anyone running a Drupal site, especially if running older versions of the CMS or its modules, since these are a ripe target for attackers….
Joomla! Security Tips: Securing Configurations
Heads up — Depending on your web server’s configuration for active extensions, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers. Prevent Directory Listing: Directory Listing occurs when…
Joomla Security: Top tips to secure a Joomla! application
Joomla! is a very popular Content Management System (CMS) on the Internet today. Joomla security should be at the forefront of anyone running a Joomla! site, especially ones running older versions of the CMS or its extensions, since these are a ripe target for attackers….
New attacks on SHA-1 and MD5 raise urgency for their obsolescence
A pair of researchers from INRIA, the French Institute for Research in Computer Science and Automation, have published an academic paper titled “Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH” in which they describe a series of transcript collision attacks against the ageing…
WordPress 4.4.1 security release patches XSS vulnerability
A high-severity Cross-site scripting (XSS) vulnerability has been fixed in WordPress’ new 4.4.1 release that is now available for download. In addition to the XSS vulnerability reported by security researcher ‘Crtc4L’, the release includes 51 other non-security bug-fixes. WordPress sites configured to receive automatic updates…