Do you ever get the feeling that something’s not quite right after you’ve performed an otherwise solid web security assessment? Well, as many of us have discovered, that nagging feeling in the pit of your stomach could be something as simple as not disabling the…
Web Security Tip of the Week: Why Do Hacker Attacks Happen?
Criminal hackers have it made. They know that many people don’t get – or completely ignore – online security. This attitude from many is at the core of why we experience website security issues. But, as problematic as the human factor can be, the real…
Acunetix Web Vulnerability Scanner Version 8 Build 20120808 Released
We are pleased to announce an updated build of Acunetix Web Vulnerability Scanner 8 (WVS 8). The new build 20120808 offers a number of new security checks for several different well-known web applications, improvements and also a number of bug fixes. New Feature: Acunetix WVS…
WordPress Users Roles
In a typical WordPress installation one can find a good number of users. Bloggers typically create new users on their blog to allow third party contributors to add blog posts, edit them, delete posts and to even activate or deactivate a plugin. These tasks are…
htaccess files should not be used for security restrictions
According to Apache documentation: .htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories…
Reuters.com WordPress hacked. False Syria blog posts posted
On Friday 3rd August 2012 Reuters.com announced that it was a victim of a hack attack. The Reuters.com blogging platform (WordPress) was compromised and attackers posted several fake news articles that were attributed to its reporters. The parent company of Reuters.com, Thomson-Reuters, said that along with the…
What if We Held Ourselves to the Security Certification Standards?
Confidentiality, compensating controls, risk transference are just a few of the core information security concepts covered by the CISSP exam – concepts that also happen to impact Web application security. Having recently completed the technical edits for a CISSP exam prep book, these principles are…
Take Care Handling the Results of Web Application Testing
How do you handle your web application testing, vulnerability scans, test data and related security assessment reports? I’ve found that this is something that doesn’t get a lot of attention in web application security circles but is still impactful to the business. It’s actually kind of ironic that…
Web Security Tip of the Week: Understanding WordPress Vulnerabilities
Did you know that if a system has an IP address or a URL, then it’s fair game for attack from a hacker? That’s been the universal law and it always will be. So why is it that WordPress security and WordPress vulnerabilities seem to…