Fighting Web flaws is futile

Do you ever find yourself driving down the road in an unfamiliar place and you get that gut feeling that you’re headed in the wrong direction? Well, I feel that’s exactly where we are with application security – heading in the wrong direction. First off,…

Read more

e107 CMS system website compromised

As part of my job here at Acunetix, from time to time I analyze source code looking for security problems. Using this information I adjust Acunetix WVS to detect these problems automatically (when it’s possible). Monday, I downloaded e107 from e107.org and started analyzing the…

Read more

Security is hard

The year debuted with ‘Operation Aurora‘: Google and over 30 other companies were hit by a spear phishing attack which resulted in theft of intellectual property from Google and probably other companies. Spear phishing is a targeted form of phishing in which an e-mail message might look…

Read more

Rockyou gets rocked by hackers and old exploit

Well, it has happened. This time, the users themselves have taken action against rockyou.com for their inadvertent disclosure of customer information.  Hacker activity has meant Rockyou disclosed what looks like over 32,000,000 accounts. Yes, 32 Million! What is interesting about this case, for me anyways,…

Read more

An In-Depth Look at SQL Injection

SQL injection attacks are one of the most common techniques hackers use to access secure information from web servers to carry out illegitimate activities.  This hacking technique also demonstrates how vulnerable systems are on not just the insecure ports and other firewall protected fronts, but…

Read more