Top 10 Reasons Not to Invest in Website Security

For some light humor! 1) You really enjoy waking up in the morning with your coffee, hitting your homepage, and finding a new page marketing ‘special offers’ for ‘enhancement’ products… You spill your coffee, burn…ouch. 2) You just love getting a hosting bill showing your…

Authenticated XSS – problem or not?

Obviously, cross-site scripting (XSS) is a big problem on the public Web. But there’s another angle to XSS that no one seems to be talking about – at least I’m not seeing anything on it. It’s the issue of XSS on Web pages that are…

e107 CMS system website compromised

As part of my job here at Acunetix, from time to time I analyze source code looking for security problems. Using this information I adjust Acunetix WVS to detect these problems automatically (when it’s possible). Monday, I downloaded e107 from e107.org and started analyzing the…

Looking past layer 7

When it comes to Web security, why is it we always seem to focus on layer 7 only? Sure, it can be argued that XSS, SQL injection, flawed application logic and so on are the big deal items in any given Web system. But who…

Statistics from the top 1,000,000 websites

Note: This article refers to an older version of Acunetix. The next version of Acunetix Web Vulnerability Scanner (version 7) will contain a much improved HTTP stack. While testing, we wanted to test the new HTTP stack…

Rockyou gets rocked by hackers and old exploit

Well, it has happened. This time, the users themselves have taken action against rockyou.com for their inadvertent disclosure of customer information. Hacker activity has meant Rockyou disclosed what looks like over 32,000,000 accounts. Yes, 32 million! What is interesting about this case, for me anyways,…
