This is the second part of an older article we posted, where we present some statistics from the top 1,000,000 sites on the internet. We are using the Alexa database as the source for our statistics. In the first part of this article, we presented the…
Top 10 Reasons Not to Invest in Website Security
For some light humor! 1) You really enjoy waking up in the morning with your coffee, hitting your homepage, and finding a new page marketing ‘special offers’ for ‘enhancement’ products… You spill your coffee, burn…ouch. 2) You just love getting a hosting bill showing your…
Authenticated XSS – problem or not?
Obviously, cross-site scripting (XSS) is a big problem on the public Web. But there’s another angle to XSS that no one seems to be talking about – at least I’m not seeing anything on it. It’s the issue of XSS on Web pages that are…
e107 CMS system website compromised
As part of my job here at Acunetix, from time to time I analyze source code looking for security problems. Using this information I adjust Acunetix WVS to detect these problems automatically (when it’s possible). Monday, I downloaded e107 from e107.org and started analyzing the…
2009 Security News Update – PCI Council, Aweber, Adobe – Hacks and Cracks
Back for the last entry of 2009, here are the latest updates in the security world: Aweber announces its own incursion into its site, unnumbered amount of email addresses pilfered. AWeber was recently the victim of an intentional attack to mine email addresses. We’d like…
A Malicious Website Hacker Attacks – CitiGroup Denies Knowledge
While I try not to be so graphic with my comments, I can’t help but feel CSI-esque lately with all of these website hacker attacks. So here we go again. This time, it’s CITI. Just reported today by marketwatch.com, Citigroup’s stock sank significantly based…
Looking past layer 7
When it comes to Web security, why is it we always seem to focus on layer 7 only? Sure, it can be argued that XSS, SQL injection, flawed application logic and so on are the big deal items in any given Web system. But who…
Statistics from the top 1,000,000 websites
Note: This article refers to an older version of Acunetix. The next version of Acunetix Web Vulnerability Scanner (version 7) will contain a much improved HTTP stack. While testing, we wanted to test the new HTTP stack…
Rockyou gets rocked by hackers and old exploit
Well, it has happened. This time, the users themselves have taken action against rockyou.com for their inadvertent disclosure of customer information. Hacker activity has meant Rockyou disclosed what looks like over 32,000,000 accounts. Yes, 32 Million! What is interesting about this case, for me anyways,…