Note: This article refers to an older version of Acunetix. Click here to download the latest version. While beta testing the latest version of Acunetix WVS v7, we found a large number of security vulnerabilities in various web applications. In the following days we will…
Don't be an A$$
Welcome back from Summer, and I hope everyone has had a great break. Myself, I was able to take some time in July, but got real busy in August. During the summer I helped two very close friends with some significant IT issues which made…
Getting developers on board with security – once and for all
Making Web application security work is more than simply telling developers they need to write better code. We can scream “Write better code!” and “Integrate security into the application lifecycle!” at developers until end of time but that’s not going to fix the fundamental problems…
Web security oversights: Don’t overlook the “small” stuff
I was reviewing the most recent SANS @RISK Consensus Security Vulnerability Alert and it reminded me of how easy it is to get caught up in the big stuff and overlook the seemingly innocuous when performing Web security assessments. The @RISK alert lists 69 unique…
Cloud Computing Benefits
Mention “the cloud” and many who are not heavily involved in the preparation and creation of internet-based resources will turn their heads skyward. To be fair, cloud computing can be a difficult concept to grasp even for those who work within the IT industry because…
Dangerous XSS vulnerability found on YouTube – vulnerability explained
On the 4th of July 2010 YouTube users began complaining that their videos had been hijacked, the comments section of their videos seemed to be most severely affected, many complained that old comments vanished and new comments could not be added. Others reported that offensive messages were popping up on their screen or scrolling horizontally in large fonts and striking colors. Some users also seemed to suggest that there were experiencing page redirects, often to sites promoting pornographic content.
In-depth analysis of a PHP attack that lead to Apple information disclosure
Recently over 100,000 Apple customers were affected by an information gathering attack on the AT&T website. Security experts blame this breach on “poorly designed software”. An analysis of the attack reveals that the hackers did indeed use a classic attack, in fact…
7 Signs You’re Not Ready to Run a Web Vulnerability Scan
Looking to hop aboard the Web vulnerability scanning bandwagon to see just how vulnerable your Web site or application really is? Well, not so fast. Here are some signs you’re not ready to begin just yet: 1. You don’t have any desired outcomes…
Web application contingency plans – the missing link in Web security?
Why are Web applications out of the loop when it comes to contingency planning? Look at any given security incident response or disaster recovery plan (assuming they even exist) and chances are business critical Web applications and related systems are missing. At least that’s what…