This is the second part in the series on nginx security. This article follows on from Part 1 with more tips on hardening your nginx server configuration. 5. Make use of ModSecurity ModSecurity is an open-source module that works as a web application firewall. Different functionalities include…
New WordPress XSS Vulnerability gives attackers full control of your website
A dangerous XSS vulnerability has just been identified in WordPress versions prior to 4.0. Using comments, attackers may even be able to gain full administrative control of a vulnerable application. Therefore WordPress have released an urgent update, addressing this bug and 7 others. Users should…
Are you prepared for PCI v3.0?
At the end of December 2014 the new set of Payment Card Industry Data Security Standards (PCI DSS) will come largely into force, with just a few small elements having the later deadline of July 2015 to allow businesses time to adapt. If your company…
Delegate tasks, limit access and stay in control with Acunetix OVS Multi-User Access
A new feature to the online version of Acunetix – Acunetix Online Vulnerability Scanner (OVS) now allows the owner of an account to create child users, delegating vulnerability scanning and reporting tasks to other users and at the same time auditing their actions. This increased…
Analysing the latest trends in web application attacks
A recent study by a leading web application security vendor has highlighted some interesting statistics about web application attacks. Some of the findings examined below should enable web security practitioners to better anticipate, identify and act against cyber threats. Threat Growth One of the unsurprising…
Critical Drupal SQL Injection vulnerability
Drupal has released a HIGHLY CRITICAL security advisory for its latest version of the popular content management system, urgently advising users to update to Drupal 7.32 or install a patch to fix the vulnerability. The vulnerability, reported by Stefan Horst from SektionEins GmbH, allows for unauthenticated…
POODLE gives the final bite and puts SSLv3 to rest
Yesterday, the details of the latest vulnerability affecting SSL started emerging, and in no time, everyone started talking, or rather blogging about POODLE. POODLE stands for Padding Oracle On Downgraded Legacy Encryption and affects the 15 year old SSLv3, which should have been deprecated and…
ShellShock’s magnitude for potential damage – truly shocking!
48 hours since the latest in the series of BIG BUGS 2014 has made the news, and the Internet community is still struggling to assess the damage. After the initial moments of disbelief, researchers started coming to terms with the fact that Bash had a…
BASH Vulnerability leaves IT Experts Shell Shocked!
Yesterday, a critical vulnerability was reported in GNU Bash. Bash is the Bourne Again Shell that is installed on all Linux distributions. The vulnerability is related to the way environment variables are parsed before running the BASH shell. It is possible to create environment variables that include…