When performing web security assessments, it’s easy for us to feel confident in what we see. Take Cross-Site Scripting (XSS) for instance. Your scanner finds this web vulnerability. You validate that it does indeed exist. What more is there to do? Well, it depends on…
The Value of Web Exploitation
Is the exploitation of web vulnerabilities worth the trouble? Does it create unnecessary risks that should be avoided? Why exploit flaws anyway? This is not a black and white circumstance. Every situation is unique. But here’s what I know. The exploitation of web security flaws…
IT Geek Speak and What Management Really Needs to Hear
Gerald Ford once said “Nothing in life is more important than the ability to communicate effectively.” What a profound statement that not only applies to our personal lives but also how far we go in our IT careers. There’s hardly anything that can cause IT…
What Is An .htaccess File?
An .htaccess file is a configuration file which provides the ability to specify configuration settings for a specific directory in a website. The .htaccess file can include one or more configuration settings which apply only for the directory in which the .htaccess file has been…
Protect Your WordPress Website from a Pharma Hack
One of the worst feelings I’ve ever experienced was when I received an email from one of my customers telling me that my website had been hacked. It got worse, as I couldn’t see any changes in my content, the design or the source code!…
Acunetix Parses Version Control Systems
A lot of developers are using version control systems such as SVN (Apache Subversion) and GIT in order to track changes in their source code. These types of server tools are essential for the organizations which have multi-developer projects. Most of these version control systems…
New Features in Acunetix WVS: Crawling of Websites with Different User-Agent Strings
Note: This article refers to an older version of Acunetix. Click here to download the latest version. When you visit a website your browser sends an HTTP header called “User-Agent” to the web server. This header indicates which web browser you are using, its version…
Checking For Vulnerabilities in Path Fragments
Note: This article refers to an older version of Acunetix. Click here to download the latest version. Nowadays, more and more people are using URL rewrite techniques to increase their “friendliness” to both users and search engines. With URL rewrites, a URL like http://www.site.com/cms/product.php?action=buy&id=1 is…
The One Web Security Oversight You Don’t Want to Miss
As I’ve written about scoping your Web security tests in the past, it’s not something to be taken lightly. Interestingly, there’s one aspect of Web security testing where I’m still seeing a big disconnect. The issue is how many critical Web systems are being dismissed…