Web vulnerabilities can be split into two distinct groups: technical vulnerabilities and logical vulnerabilities. Technical vulnerabilities can be found by using automated processes, such as scanning a website with a web vulnerability scanner. On the other hand, logical vulnerabilities can only be detected manually. This…
The US National Vulnerability Database was Hacked and Infected with Malware
The US National Vulnerability Database was hacked and infected with malware on the 8th of March 2013. As of today (15th of May 2013), the site from which both black hats and white hats get information about existing software vulnerabilities is still offline. So…
Incident Response Plan Template – The Essential Elements
Incident response is the art (and science) of responding to computer security-related breaches. Interestingly, most organizations I deal with don’t have a documented incident response plan. The last thing you want to do during and after a security breach is figure out the best approach…
There’s no Guarantee of Security
When it comes to the web, there’s never a guarantee of complete security. In fact, a clean bill of health doesn’t mean you truly have a clean bill of health. Similar to how a blood test or MRI scan cannot possibly find all health-related problems…
Protect Young Entrepreneur Start-up Business Websites with Acunetix
Young entrepreneurs in England looking to finance a new business should investigate the UK government’s Start-Up Loans program. Previously available only to people between the ages of 18 and 24 living in Britain, the government recently increased the age limit for applicants to 30. Start-Up…
How to Set (and Keep) Your Web Security Goals for 2013
Can you believe it’s time again for those New Year’s resolutions? It’s always great to start the New Year with a fresh set of to-do items that you’re finally going to get around to doing. The problem, however, is that when we set “resolutions”, the…
What if you Really Don’t have Anything Attackers Would Want?
I often make the argument that even if you don’t believe you have anything of value on your website, bad things can still happen. So, what exactly does this mean? Well, it’s not going to be the end of the world but having your website…
Don’t Be Held For Ransom with Ransomware
In her 5 December article in The New York Times, “For PC Virus Victims, Pay or Else,” cybersecurity reporter Nicole Perlroth discusses the growing threat of ransomware in the USA. Ransomware is a type of malware that takes your computer hostage, freezing it until you…
An Unhappy New Year – Security Researcher Discloses New Batch of MySQL Vulnerabilities
Earlier this month, on the Security Week website, Steve Ragan published an article about a security researcher who posted several vulnerabilities to the Full Disclosure mailing list – seven of these are MySQL vulnerabilities. The complete list of vulnerabilities is available here. CVE assignments have…